From 899ba91a956b0306a32656bb9c9760a92fcbb631 Mon Sep 17 00:00:00 2001
From: Stephan Bosch <stephan.bosch@dovecot.fi>
Date: Thu, 21 Jun 2018 22:51:26 +0200
Subject: [PATCH] lib-smtp: server: data command: Dereference command at single
 place during input handling.

---
 src/lib-smtp/smtp-server-cmd-data.c | 30 +++++++++++++++++++----------
 1 file changed, 20 insertions(+), 10 deletions(-)

diff --git a/src/lib-smtp/smtp-server-cmd-data.c b/src/lib-smtp/smtp-server-cmd-data.c
index f37d1471e4..c74a61a3ff 100644
--- a/src/lib-smtp/smtp-server-cmd-data.c
+++ b/src/lib-smtp/smtp-server-cmd-data.c
@@ -247,28 +247,22 @@ static void cmd_data_input_error(struct smtp_server_cmd_ctx *cmd)
 	}
 }
 
-static int cmd_data_handle_input(struct smtp_server_cmd_ctx *cmd)
+static int cmd_data_do_handle_input(struct smtp_server_cmd_ctx *cmd)
 {
 	struct smtp_server_connection *conn = cmd->conn;
 	const struct smtp_server_callbacks *callbacks = conn->callbacks;
 	struct smtp_server_command *command = cmd->cmd;
 	struct cmd_data_context *data_cmd = command->data;
-	ssize_t ret;
+	int ret;
 
 	i_assert(data_cmd != NULL);
 
-	if (!smtp_server_cmd_data_check_size(cmd))
-		return -1;
-
-	/* continue reading from client */
-	smtp_server_command_ref(command);
 	i_assert(callbacks != NULL &&
 		 callbacks->conn_cmd_data_continue != NULL);
 	ret = callbacks->conn_cmd_data_continue(conn->context,
 		cmd, conn->state.trans);
 	if (ret >= 0) {
 		if (!smtp_server_cmd_data_check_size(cmd)) {
-			smtp_server_command_unref(&command);
 			return -1;
 		} else if (!i_stream_have_bytes_left(conn->state.data_input)) {
 			smtp_server_command_debug(cmd,
@@ -291,15 +285,31 @@ static int cmd_data_handle_input(struct smtp_server_cmd_ctx *cmd)
 	} else {
 		if (conn->state.data_input->stream_errno != 0) {
 			cmd_data_input_error(cmd);
-			smtp_server_command_unref(&command);
 			return -1;
 		}
 		/* command is waiting for external event or it failed */
 		i_assert(smtp_server_command_is_replied(command));
 	}
+	
+	return 1;
+}
+
+static int cmd_data_handle_input(struct smtp_server_cmd_ctx *cmd)
+{
+	struct smtp_server_command *command = cmd->cmd;
+	int ret;
+
+	if (!smtp_server_cmd_data_check_size(cmd))
+		return -1;
+
+	smtp_server_command_ref(command);
+
+	/* continue reading from client */
+	ret = cmd_data_do_handle_input(cmd);
+	
 	smtp_server_command_unref(&command);
 
-	return 1;
+	return ret;
 }
 
 static void cmd_data_input(struct smtp_server_cmd_ctx *cmd)