author | Daniel Stenberg <daniel@haxx.se> | 2019-09-02 23:04:26 +0200 |
---|---|---|
committer | Daniel Stenberg <daniel@haxx.se> | 2019-09-02 23:04:26 +0200 |
commit | f747b3ae38be34793d705e21853b2ecb7cb12c19 (patch) | |
tree | b991b447d5d79bb94133129774478dcc1007254b | |
parent | 82a2168e61cfb643efc36ecc726828ff0da37f49 (diff) | |
download | curl-bagder/smtp-short-ehlo.tar.gz |
smtp: check for and bail out on too short EHLO response (bagder/smtp-short-ehlo)
Otherwise, a three byte response would make the smtp_state_ehlo_resp()
function misbehave.
Bug: https://crbug.com/oss-fuzz/16918
Assisted-by: Max Dymond
-rw-r--r-- | lib/smtp.c | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/lib/smtp.c b/lib/smtp.c index 0db3c1e1c..65220b0f6 100644 --- a/lib/smtp.c +++ b/lib/smtp.c @@ -714,7 +714,7 @@ static CURLcode smtp_state_ehlo_resp(struct connectdata *conn, int smtpcode, result = CURLE_REMOTE_ACCESS_DENIED; } } - else { + else if(len >= 4) { line += 4; len -= 4; @@ -785,6 +785,10 @@ static CURLcode smtp_state_ehlo_resp(struct connectdata *conn, int smtpcode, result = smtp_perform_authentication(conn); } } + else { + failf(data, "Unexpectedly short EHLO response"); + result = CURLE_WEIRD_SERVER_REPLY; + } return result; } |
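Review bot: The first hunk's `else if(len >= 4)` and the `line += 4; len -= 4;` under it use the bare constant 4 three times with no comment saying what those four bytes are. A one-line comment (in an SMTP reply line that is the three-digit code plus the separator character) or a named constant would make the guard self-explanatory and keep the check and the skip in sync if either changes. A response of exactly four bytes also passes the guard and leaves `len` at 0, so the parsing that follows the skip, which is outside this hunk, has to cope with an empty remainder.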
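Review bot: The second hunk's new `else` with `failf(data, "Unexpectedly short EHLO response");` sits about 70 lines below the `else if(len >= 4)` it belongs to (line 714 versus 785 in the hunk headers), which makes the pairing hard to see. Consider handling the short case first, next to the length check, so the error path reads before the long parsing branch, or at least add a trailing comment on the `else` naming the condition it covers. The diffstat lists only lib/smtp.c, so the fix arrives without a regression test for the three byte response the commit message describes; adding one would keep the check from being lost in a later refactor.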