Fix do_access: add missing NULL check on msg parameter

The final fallthrough path (no rules matched) called xasprintf(msg, ...)
without checking if msg != NULL, unlike all other xasprintf calls in the
same function. If a caller passes NULL for msg, this would crash in
vasprintf(NULL, ...).

diff --git a/src/access.c b/src/access.c
index a084a63298b8c15b1c2813233ff193d49e6e1d2f..1e9cd3b81d30bbb3543a4beae8608f9040ba7bdf 100644 (file)
--- a/src/access.c
+++ b/src/access.c
@@ -167,9 +167,10 @@ do_access(strlist *rules, strlist *headers, const char *from, char **msg, char *
                }
        }
 
-       xasprintf(msg, "access -"
-                       " A mail from \"%s\" didn't match any rules, and"
-                       " was denied by default.", from);
+       if (msg != NULL)
+               xasprintf(msg, "access -"
+                               " A mail from \"%s\" didn't match any rules, and"
+                               " was denied by default.", from);
        return ACT_DENY;
 }