senders with "smtpd_reject_unlisted_recipient = yes" or
with reject_unlisted_sender. Stephen R. van den Berg (Mr.
procmail). Files: smtpd/smtpd.c, smtpd/smtpd_check.c.
+
+20170430
+
+ Safety net: append a null byte to vstring buffers, so that
+ C-style string operations won't scribble past the end. File:
+ vstring.c.
+
+20170610
+
+ Workaround (introduced: Postfix 3.0 20140718): prevent MIME
+ downgrade of Postfix-generated message/delivery status.
+ It's supposed to be 7bit, therefore quoted-printable encoding
+ is not expected. Problem reported by Griff. File:
+ bounce/bounce_notify_util.c.
(bounce_info->smtputf8 & SMTPUTF8_FLAG_REQUESTED) ?
"global-" : "");
/* Fix 20140709: addresses may be 8bit. */
- if (NOT_7BIT_MIME(bounce_info))
+ if (NOT_7BIT_MIME(bounce_info)
+ /* BC Fix 20170610: prevent MIME downgrade of message/delivery-status. */
+ && (bounce_info->smtputf8 & SMTPUTF8_FLAG_REQUESTED))
post_mail_fprintf(bounce, "Content-Transfer-Encoding: %s",
bounce_info->mime_encoding);
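Review bot: With the added `&& (bounce_info->smtputf8 & SMTPUTF8_FLAG_REQUESTED)` clause, a report for which NOT_7BIT_MIME() is true but SMTPUTF8 was not requested now gets no Content-Transfer-Encoding header, so the part defaults to 7bit. The comment directly above says addresses may be 8bit; whether an 8-bit address can still reach this part without SMTPUTF8_FLAG_REQUESTED is not visible here, and if it can, the part would be mislabelled. The comment should state that assumption, e.g. `/* Without SMTPUTF8 this part must be 7bit; omit the header so MIME downgrade leaves it alone. */`, and would read better above the `if` than inside the condition. The enclosing function starts and ends outside the hunk.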
* Patches change both the patchlevel and the release date. Snapshots have no
* patchlevel; they change the release date only.
*/
-#define MAIL_RELEASE_DATE "20170101"
-#define MAIL_VERSION_NUMBER "3.0.8"
+#define MAIL_RELEASE_DATE "20170610"
+#define MAIL_VERSION_NUMBER "3.0.9"
#ifdef SNAPSHOT
#define MAIL_VERSION_DATE "-" MAIL_RELEASE_DATE
#include "vbuf_print.h"
#include "vstring.h"
+#ifndef SSIZE_T_MAX
+#define SSIZE_T_MAX __MAXINT__(ssize_t)
+#endif
+
/* vstring_extend - variable-length string buffer extension policy */
static void vstring_extend(VBUF *bp, ssize_t incr)
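Review bot: The fallback `#define SSIZE_T_MAX __MAXINT__(ssize_t)` depends on `__MAXINT__`, which neither include visible in this hunk is shown to define, so it only works if a header outside the hunk supplies it. POSIX already provides `SSIZE_MAX` in `<limits.h>`; preferring it where available, `#if !defined(SSIZE_T_MAX) && defined(SSIZE_MAX)` followed by `#define SSIZE_T_MAX SSIZE_MAX`, would keep the new overflow checks tied to the platform's own limit. A short comment saying the macro exists only to bound the length arithmetic in this file would also help.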
* (The tests are redundant as long as mymalloc() and myrealloc() reject
* negative length parameters).
*/
- new_len = bp->len + (bp->len > incr ? bp->len : incr);
- if (new_len <= bp->len)
+ if (bp->len > incr)
+ incr = bp->len;
+ if (bp->len > SSIZE_T_MAX - incr - 1)
msg_fatal("vstring_extend: length overflow");
- bp->data = (unsigned char *) myrealloc((void *) bp->data, new_len);
+ new_len = bp->len + incr;
+ bp->data = (unsigned char *) myrealloc((void *) bp->data, new_len + 1);
+ bp->data[new_len] = 0;
bp->len = new_len;
bp->ptr = bp->data + used;
bp->cnt = bp->len - used;
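Review bot: The sentinel written by `bp->data[new_len] = 0;` keeps a runaway C-string read inside the allocation, but as far as this hunk shows the bytes between the old length and `new_len` are left unset after myrealloc(), so a caller that forgets to terminate would still read stale heap contents up to the sentinel. A comment should say this is a safety net and not a substitute for explicit termination, for example `/* Safety net only: data[len] is a sentinel outside the usable buffer; callers must still terminate their strings. */`; the same applies to `vp->vbuf.data[len] = 0;` in vstring_alloc. The block comment above the check still calls the tests redundant, which seems out of date now that the check runs before the addition and is what prevents the signed overflow. The function body starts outside the hunk.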
{
VSTRING *vp;
- if (len < 1)
+ if (len < 1 || len > SSIZE_T_MAX - 1)
msg_panic("vstring_alloc: bad length %ld", (long) len);
vp = (VSTRING *) mymalloc(sizeof(*vp));
vp->vbuf.flags = 0;
vp->vbuf.len = 0;
- vp->vbuf.data = (unsigned char *) mymalloc(len);
+ vp->vbuf.data = (unsigned char *) mymalloc(len + 1);
+ vp->vbuf.data[len] = 0;
vp->vbuf.len = len;
VSTRING_RESET(vp);
vp->vbuf.data[0] = 0;
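Review bot: After this change the allocation is `len + 1` bytes while `vp->vbuf.len` stays `len`, and nothing at the allocation records that the extra byte is reserved for the sentinel. A one-line comment above `mymalloc(len + 1)`, such as `/* One extra byte, not counted in vbuf.len, holds the safety-net terminator. */`, would keep a later change from dropping the +1 or counting the byte as usable space. Any code outside this diff that installs a buffer into `vbuf.data` without going through vstring_alloc or vstring_extend would not carry the sentinel, which is worth confirming. The function signature is outside the hunk.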