| From d740d2111f189760593a303124ff6b9b1f83453d Mon Sep 17 00:00:00 2001 |
| From: Jeremy Harris <jgh146exb@wizmail.org> |
| Date: Mon, 27 May 2019 21:57:31 +0100 |
| Subject: [PATCH] Fix CVE-2019-10149 |
| |
| [Peter: drop documentation update, fix path] |
| Signed-off-by: Peter Korsgaard <peter@korsgaard.com> |
| --- |
| src/deliver.c | 22 ++++++++++++++-------- |
| 1 files changed, 52 insertions(+), 8 deletions(-) |
| create mode 100644 doc/doc-txt/cve-2019-10149 |
| |
| diff --git a/src/deliver.c b/src/deliver.c |
| index 59256ac2..45cc0723 100644 |
| --- a/src/deliver.c |
| +++ b/src/deliver.c |
| @@ -6227,17 +6227,23 @@ if (process_recipients != RECIP_IGNORE) |
| { |
| uschar * save_local = deliver_localpart; |
| const uschar * save_domain = deliver_domain; |
| + uschar * addr = new->address, * errmsg = NULL; |
| + int start, end, dom; |
| |
| - deliver_localpart = expand_string( |
| - string_sprintf("${local_part:%s}", new->address)); |
| - deliver_domain = expand_string( |
| - string_sprintf("${domain:%s}", new->address)); |
| + if (!parse_extract_address(addr, &errmsg, &start, &end, &dom, TRUE)) |
| + log_write(0, LOG_MAIN|LOG_PANIC, |
| + "failed to parse address '%.100s': %s\n", addr, errmsg); |
| + else |
| + { |
| + deliver_localpart = |
| + string_copyn(addr+start, dom ? (dom-1) - start : end - start); |
| + deliver_domain = dom ? CUS string_copyn(addr+dom, end - dom) : CUS""; |
| |
| - (void) event_raise(event_action, |
| - US"msg:fail:internal", new->message); |
| + event_raise(event_action, US"msg:fail:internal", new->message); |
| |
| - deliver_localpart = save_local; |
| - deliver_domain = save_domain; |
| + deliver_localpart = save_local; |
| + deliver_domain = save_domain; |
| + } |
| } |
| #endif |
| } |
| -- |
| 2.11.0 |
| |