Skip to content
Permalink
Browse files

smtp: check for and bail out on too short EHLO response

Otherwise, a three byte response would make the smtp_state_ehlo_resp()
function misbehave.

Credit to OSS-Fuzz
Bug: https://crbug.com/oss-fuzz/16918

Assisted-by: Max Dymond

Closes #4287
  • Loading branch information...
bagder committed Sep 2, 2019
1 parent 198b73d commit 4d0306c6982ad80be532438265c52c39a55889a0
Showing with 5 additions and 1 deletion.
  1. +5 −1 lib/smtp.c
@@ -714,7 +714,7 @@ static CURLcode smtp_state_ehlo_resp(struct connectdata *conn, int smtpcode,
result = CURLE_REMOTE_ACCESS_DENIED;
}
}
else {
else if(len >= 4) {
line += 4;
len -= 4;

@@ -785,6 +785,10 @@ static CURLcode smtp_state_ehlo_resp(struct connectdata *conn, int smtpcode,
result = smtp_perform_authentication(conn);
}
}
else {
failf(data, "Unexpectedly short EHLO response");
result = CURLE_WEIRD_SERVER_REPLY;
}

return result;
}

0 comments on commit 4d0306c

Please sign in to comment.
You can’t perform that action at this time.