Bug#946397: Undefined behaviour when using miltertest’s mt.eom_check with MT_SMTPREPLY

To: submit@bugs.debian.org
Subject: Bug#946397: Undefined behaviour when using miltertest’s mt.eom_check with MT_SMTPREPLY
From: David Bürgin <dbuergin@gluet.ch>
Date: Sun, 8 Dec 2019 15:03:00 +0100
Message-id: <[🔎] 20191208140300.GA7372@azadi>
Reply-to: David Bürgin <dbuergin@gluet.ch>, 946397@bugs.debian.org

Package: opendkim-tools
Version: 2.11.0~alpha-12

The MT_SMTPREPLY case in mt_eom_check prints two possibly-NULL char
pointers via format string %s. This triggers undefined behaviour. On my
machine, these pointers are printed as the string ‘(null)’. In any case
this distorts the test result.

The attached patch fixes this by making sure the two char pointers ‘esc’
and ‘text’ are only passed to snprintf when they are not NULL.


--- a/miltertest/miltertest.c	2014-03-20 05:36:13.000000000 +0100
+++ b/miltertest/miltertest.c	2019-12-08 14:17:53.539942468 +0100
@@ -3645,8 +3645,8 @@
 
 				snprintf(rbuf, sizeof rbuf, "%s%s%s%s%s",
 				         smtp,
-				         esc == NULL ? "" : " ", esc,
-				         text == NULL ? "" : " ", text);
+				         esc == NULL ? "" : " ", esc == NULL ? "" : esc,
+				         text == NULL ? "" : " ", text == NULL ? "" : text);
 
 				if (strcmp(rbuf, (char *) r->eom_rdata) == 0)
 				{

Attachment: signature.asc
Description: PGP signature

Reply to:

Prev by Date: Bug#946386: miltertest’s mt.data() always results in timeout
Next by Date: Processing of ipgrab_0.9.10-3_source.changes
Previous by thread: Bug#946386: marked as done (miltertest’s mt.data() always results in timeout)
Next by thread: Processing of ipgrab_0.9.10-3_source.changes
Index(es):
- Date
- Thread