authorMatthias Andree <matthias.andree@gmx.de>2007-07-29 09:36:23 +0000
committerMatthias Andree <matthias.andree@gmx.de>2007-07-29 09:36:23 +0000
commit481e6bffbb7c3fd686464478b90a0373c807951c (patch)
treeb7a2e0a5090829aa857c6335ea3d7eb99aea5c96
parent1cdd882de1191a63cc2e9efc061ea1425f7d8904 (diff)
Fix long-standing (since r2215/v4.6.8) crash on NULL pointer dereference
when the local SMTP listener rejects a warning message of fetchmail's. Report and suggested fix by Earl Chew. svn path=/branches/BRANCH_6-3/; revision=5119
-rw-r--r--NEWS8
-rw-r--r--sink.c2
2 files changed, 9 insertions, 1 deletions
diff --git a/NEWS b/NEWS
index e23b0c80..0c0d831f 100644
--- a/NEWS
+++ b/NEWS
@@ -44,6 +44,14 @@ be removed from a 6.4.0 or newer release.)
fetchmail 6.3.9 (not yet released):
+# CRITICAL BUG FIX:
+* When fetchmail tries to inject a warning message it created itself, and the
+ message is refused by the SMTP listener, fetchmail dereferences a NULL
+ pointer and crashes. Report and fix by Earl Chew.
+ This bug was apparently introduced on 1998-11-27 when the bouncemail facility
+ was modularized by ESR. The bug made then its appearance in fetchmail release
+ 4.6.8.
+
# BUG FIXES:
* The configure script will additionally check for 'dn_skipname', to fix build
failures with µClibc. The new check still recognizes the resolver libraries on
diff --git a/sink.c b/sink.c
index 9dd9ce70..47a40427 100644
--- a/sink.c
+++ b/sink.c
@@ -262,7 +262,7 @@ static int send_bouncemail(struct query *ctl, struct msgblk *msg,
const char *md1 = "MAILER-DAEMON", *md2 = "MAILER-DAEMON@";
/* don't bounce in reply to undeliverable bounces */
- if (!msg->return_path[0] ||
+ if (!msg || !msg->return_path[0] ||
strcmp(msg->return_path, "<>") == 0 ||
strcasecmp(msg->return_path, md1) == 0 ||
strncasecmp(msg->return_path, md2, strlen(md2)) == 0)
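Review bot: The added `!msg` test at the top of the guard is not reflected in the comment above it, which still reads as if the condition only filters replies to undeliverable bounces. Going by the commit description, msg is NULL when the rejected message is a warning fetchmail generated itself, so I would extend the comment to something like `/* don't bounce in reply to undeliverable bounces, or when there is no original message (msg == NULL for fetchmail's own warnings) */`. send_bouncemail starts and continues outside this hunk, so it cannot be confirmed from here that every later use of msg sits behind this early return; since the crash is reachable whenever the listener refuses such a message, that is worth checking in the rest of the function.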