From b2596d21e976743f42a82b7a7a173c7874386bb4 Mon Sep 17 00:00:00 2001
From: manuel
Date: Mon, 27 Jan 2014 15:22:03 +0100
Subject: [PATCH] protect qmail-smtpd from large received-lines

This patch corrects a small programming error in the blast() routine of qmail-smtpd.c. This is sometimes referred to as the "Guninski" bug, in reference to its discoverer. see * http://www.guninski.com/qmailcrash.html * http://thedjbway.b0llix.net/qmail/patches/qmail-1.03.smtpd-blast.patch
---
qmail-smtpd.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'qmail-smtpd.c')
diff --git a/qmail-smtpd.c b/qmail-smtpd.c
index ecb7b85..4e40adf 100644
--- a/qmail-smtpd.c
+++ b/qmail-smtpd.c
@@ -760,8 +760,8 @@ int *hops;
 if (flagmaybex) if (pos == 7) ++*hops;
 if (pos < 2) if (ch != "\r\n"[pos]) flagmaybey = 0;
 if (flagmaybey) if (pos == 1) flaginheader = 0;
+ ++pos;
 }
- ++pos;
 if (ch == '\n') { pos = 0; flagmaybex = flagmaybey = flagmaybez = 1; }
 }
 switch(state) {
--
cgit v1.2.3
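Review bot: The added `++pos;` carries no comment saying why it must stay inside the block that closes on the next line, so a later tidy-up could move it back out and undo the fix. Assuming `pos` is a signed int (its declaration is outside the hunk), an increment that runs for every header byte can eventually wrap negative on a line with no newline, and a negative value passes `if (pos < 2)` and reaches `"\r\n"[pos]` as an out-of-bounds index. I would add a comment directly above the new line, such as `/* increment only inside the guarded block so pos saturates; an unbounded pos can wrap negative and index the match strings out of bounds */`. If the declaration of `pos` still describes it as the byte count since the last newline, that comment should be updated too, since the value no longer keeps counting. The guard condition itself and the start and end of blast() are outside this hunk.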