diff options
author | Jacek Masiulaniec <jacekm@cvs.openbsd.org> | 2009-11-11 10:27:42 +0000 |
---|---|---|
committer | Jacek Masiulaniec <jacekm@cvs.openbsd.org> | 2009-11-11 10:27:42 +0000 |
commit | 2bdf54bbc647d224f9e63b570bdf159d7310887f (patch) | |
tree | d67ee6320cf95d0a6b0cff3ce3ca8c0033e94d7f | |
parent | 5edef8cb541b0474cfe683e527728ba62857d252 (diff) |
Ensure all replies are at least 4 chars long. If only 3 chars were
received, append a space character. This enables other parts of
the daemon to safely index into 4th character of the reply buffer
without the risk of accessing one byte beyond NUL.
ok gilles@
-rw-r--r-- | usr.sbin/smtpd/client.c | 19 |
1 files changed, 15 insertions, 4 deletions
diff --git a/usr.sbin/smtpd/client.c b/usr.sbin/smtpd/client.c index 70ad158ae26..dcda54ed35f 100644 --- a/usr.sbin/smtpd/client.c +++ b/usr.sbin/smtpd/client.c @@ -1,4 +1,4 @@ -/* $OpenBSD: client.c,v 1.12 2009/11/10 14:57:03 jacekm Exp $ */ +/* $OpenBSD: client.c,v 1.13 2009/11/11 10:27:41 jacekm Exp $ */ /* * Copyright (c) 2009 Jacek Masiulaniec <jacekm@dobremiasto.net> @@ -890,9 +890,20 @@ client_getln(struct smtp_client *sp) if (sp->verbose) fprintf(sp->verbose, "<<< %s\n", ln); - if (strlen(ln) == 3) - break; - else if (strlen(ln) < 4 || (ln[3] != ' ' && ln[3] != '-')) { + /* 3-char replies are invalid on their own, append space */ + if (strlen(ln) == 3) { + char buf[5]; + + strlcpy(buf, ln, sizeof(buf)); + strlcat(buf, " ", sizeof(buf)); + free(ln); + if ((ln = strdup(buf)) == NULL) { + cause = "150 strdup error"; + goto done; + } + } + + if (strlen(ln) < 4 || (ln[3] != ' ' && ln[3] != '-')) { cause = "150 garbled smtp reply"; goto done; } |