
[Bug 2409] New: Callout verification response buffer with non-ASCII characters is returned in the user message
https://bugs.exim.org/show_bug.cgi?id=2409

Bug ID: 2409
Summary: Callout verification response buffer with non-ASCII
characters is returned in the user message
Product: Exim
Version: 4.92
Hardware: x86
OS: Linux
Status: NEW
Severity: bug
Priority: medium
Component: ACLs
Assignee: jgh146exb@wizmail.org
Reporter: bugzilla.exim.simon@arlott.org
CC: exim-dev@exim.org

If a sender verify callout receives non-ASCII characters (e.g. in response to
an initial connection to port 465 but TLS could not be started) then this is
put in addr->user_message unmodified in src/src/verify.c (sx.buffer):

    addr->user_message = options & vopt_is_recipient
      ? string_sprintf("Callout verification failed:\n%s", sx.buffer)
      : string_sprintf("Called: %s\nSent: %s\nResponse: %s",
          host->address, big_buffer, sx.buffer);

I think the original reason why this is the unmodified response is because it
could contain multiple lines that should be preserved to make the message
readable.

A variant of string_printing2() that allows newlines as well as tabs is
required to escape this correctly.

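The escaping the report asks for, sketched as an added stand-alone example (not Exim's code and not part of the original report): the helper name `escape_keep_newlines` and the sample response bytes are assumptions made for illustration. It keeps newlines and tabs so a multi-line response stays readable, and writes every other byte outside printable ASCII as an octal escape before it reaches a user-visible message.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper, not Exim's string_printing2(): returns a malloc'd copy
   of s in which every byte outside printable ASCII is written as \ooo (octal),
   except '\n' and '\t', which are kept so multi-line responses stay readable.
   A literal backslash is doubled so the escaping stays unambiguous. */
char *escape_keep_newlines(const unsigned char *s, size_t len)
{
    /* Worst case: every byte becomes 4 characters, plus the terminator. */
    char *out = malloc(len * 4 + 1);
    char *p = out;
    if (!out) return NULL;

    for (size_t i = 0; i < len; i++) {
        unsigned char c = s[i];
        if (c == '\n' || c == '\t') {
            *p++ = (char)c;                 /* preserved layout characters */
        } else if (c == '\\') {
            *p++ = '\\'; *p++ = '\\';       /* escape the escape character */
        } else if (c >= 0x20 && c < 0x7f) {
            *p++ = (char)c;                 /* printable ASCII passes through */
        } else {
            p += sprintf(p, "\\%03o", (unsigned)c);  /* control, NUL, 8-bit */
        }
    }
    *p = '\0';
    return out;
}

int main(void)
{
    /* Constructed sample: bytes shaped like a TLS alert record followed by
       text, standing in for what a plaintext callout might read back. */
    const unsigned char resp[] = "\x15\x03\x01\x00\x02\x02\x50\r\nline two\tok";
    char *safe = escape_keep_newlines(resp, sizeof resp - 1);
    if (!safe) return 1;
    printf("Response: %s\n", safe);
    free(safe);
    return 0;
}
```

The length is passed explicitly because a raw response can contain NUL bytes, which a `%s`-style copy would silently truncate.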