From 481e6bffbb7c3fd686464478b90a0373c807951c Mon Sep 17 00:00:00 2001 From: Matthias Andree Date: Sun, 29 Jul 2007 09:36:23 +0000 Subject: Fix long-standing (since r2215/v4.6.8) crash on NULL pointer dereference when the local SMTP listener rejects a warning message of fetchmail's. Report and suggested fix by Earl Chew. svn path=/branches/BRANCH_6-3/; revision=5119 --- NEWS | 8 ++++++++ sink.c | 2 +- 2 files changed, 9 insertions(+), 1 deletion(-) diff --git a/NEWS b/NEWS index e23b0c80..0c0d831f 100644 --- a/NEWS +++ b/NEWS @@ -44,6 +44,14 @@ be removed from a 6.4.0 or newer release.) fetchmail 6.3.9 (not yet released): +# CRITICAL BUG FIX: +* When fetchmail tries to inject a warning message it created itself, and the + message is refused by the SMTP listener, fetchmail dereferences a NULL + pointer and crashes. Report and fix by Earl Chew. + This bug was apparently introduced on 1998-11-27 when the bouncemail facility + was modularized by ESR. The bug made then its appearance in fetchmail release + 4.6.8. + # BUG FIXES: * The configure script will additionally check for 'dn_skipname', to fix build failures with µClibc. The new check still recognizes the resolver libraries on diff --git a/sink.c b/sink.c index 9dd9ce70..47a40427 100644 --- a/sink.c +++ b/sink.c @@ -262,7 +262,7 @@ static int send_bouncemail(struct query *ctl, struct msgblk *msg, const char *md1 = "MAILER-DAEMON", *md2 = "MAILER-DAEMON@"; /* don't bounce in reply to undeliverable bounces */ - if (!msg->return_path[0] || + if (!msg || !msg->return_path[0] || strcmp(msg->return_path, "<>") == 0 || strcasecmp(msg->return_path, md1) == 0 || strncasecmp(msg->return_path, md2, strlen(md2)) == 0) -- cgit v1.2.3
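Review bot: In the NEWS hunk, the sentence "The bug made then its appearance in fetchmail release 4.6.8" has the adverb misplaced; suggest "The bug then made its appearance in fetchmail release 4.6.8". The entry names only the first affected release. Since it is filed under 6.3.9, consider stating the affected range explicitly so packagers can see at a glance which versions need the sink.c fix backported.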
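Review bot: In the sink.c hunk, the new `!msg ||` test is folded into the condition commented "don't bounce in reply to undeliverable bounces", so a NULL msg is now silently treated as a do-not-bounce case and the comment no longer describes everything the condition covers. Suggest extending the comment to name the NULL case (per the commit message, it arises when the SMTP listener rejects a warning message fetchmail created itself). The hunk shows only the condition, so please also confirm that this branch leaves send_bouncemail() before any later `msg->` dereference. The short-circuit order is correct: `!msg` is evaluated before `msg->return_path[0]`.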