From: Maxim Dounin <mdounin@mdounin.ru>
Date: Wed, 25 Feb 2015 14:47:43 +0000 (+0300)
Subject: Mail: fixed buffer allocation for CRLF after Auth-SMTP-* headers.
X-Git-Tag: release-1.7.11~67
X-Git-Url: http://www.kaiwu.me/postgresql/commit/?a=commitdiff_plain;h=52c5ba0f377b18c543735baa019a166f25059a7f;p=nginx.git

Mail: fixed buffer allocation for CRLF after Auth-SMTP-* headers.

There were no buffer overruns in real life as there is extra space
allocated for the Auth-Login-Attempt counter.
---

diff --git a/src/mail/ngx_mail_auth_http_module.c b/src/mail/ngx_mail_auth_http_module.c
index eb7531c80..f040ec194 100644
--- a/src/mail/ngx_mail_auth_http_module.c
+++ b/src/mail/ngx_mail_auth_http_module.c
@@ -1170,9 +1170,9 @@ ngx_mail_auth_http_create_request(ngx_mail_session_t *s, ngx_pool_t *pool,
           + sizeof("Client-IP: ") - 1 + s->connection->addr_text.len
                 + sizeof(CRLF) - 1
           + sizeof("Client-Host: ") - 1 + s->host.len + sizeof(CRLF) - 1
-          + sizeof("Auth-SMTP-Helo: ") - 1 + s->smtp_helo.len
-          + sizeof("Auth-SMTP-From: ") - 1 + s->smtp_from.len
-          + sizeof("Auth-SMTP-To: ") - 1 + s->smtp_to.len
+          + sizeof("Auth-SMTP-Helo: ") - 1 + s->smtp_helo.len + sizeof(CRLF) - 1
+          + sizeof("Auth-SMTP-From: ") - 1 + s->smtp_from.len + sizeof(CRLF) - 1
+          + sizeof("Auth-SMTP-To: ") - 1 + s->smtp_to.len + sizeof(CRLF) - 1
           + ahcf->header.len
           + sizeof(CRLF) - 1;