US"callout")
|| !smtp_get_port(tf->port, addr, &port, US"callout")
)
+
+commit 1bd52978055bc07dfa150d296ffb344f10fff7fe
+Author: Jeremy Harris <jgh146exb@wizmail.org>
+Date: Mon Nov 2 19:03:26 2015 +0000
+
+ Avoid misaligned access in cached lookup. Bug 1708
+
+ (cherry picked from commit 98b98887f926be87eabccc7919e57ce625c63c03)
+
+diff --git a/src/src/search.c b/src/src/search.c
+index cd522da..ccad250 100644
+--- a/src/src/search.c
++++ b/src/src/search.c
+@@ -540,10 +540,10 @@ else
+ }
+ else
+ {
+- t = store_get(sizeof(tree_node) + len + sizeof(expiring_data));
+- e = (expiring_data *)((char *)t + sizeof(tree_node) + len);
++ e = store_get(sizeof(expiring_data) + sizeof(tree_node) + len);
+ e->expiry = do_cache == UINT_MAX ? 0 : time(NULL)+do_cache;
+ e->ptr = data;
++ t = (tree_node *)(e+1);
+ memcpy(t->name, keystring, len);
+ t->data.ptr = e;
+ tree_insertnode(&c->item_cache, t);
+
+commit e7c3de301824738c6f302e02e566f9da75d3130c
+Author: Jeremy Harris <jgh146exb@wizmail.org>
+Date: Thu Oct 15 21:40:17 2015 +0100
+
+ DKIM: ignore space & tab embedded in base64 during decode. Bug 1700
+
+ (cherry picked from commit 0f557e9065b0bcfce38ee1fea5fc947bf0c5431c)
+
+diff --git a/src/src/pdkim/base64.c b/src/src/pdkim/base64.c
+index a82fc2d..1395be4 100644
+--- a/src/src/pdkim/base64.c
++++ b/src/src/pdkim/base64.c
+@@ -128,20 +128,22 @@ int base64_decode( unsigned char *dst, int *dlen,
+
+ for( i = j = n = 0; i < slen; i++ )
+ {
++ unsigned char c = src[i];
++
+ if( ( slen - i ) >= 2 &&
+- src[i] == '\r' && src[i + 1] == '\n' )
++ c == '\r' && src[i + 1] == '\n' )
+ continue;
+
+- if( src[i] == '\n' )
++ if( c == '\n' || c == ' ' || c == '\t' )
+ continue;
+
+- if( src[i] == '=' && ++j > 2 )
++ if( c == '=' && ++j > 2 )
+ return( POLARSSL_ERR_BASE64_INVALID_CHARACTER );
+
+- if( src[i] > 127 || base64_dec_map[src[i]] == 127 )
++ if( c > 127 || base64_dec_map[src[i]] == 127 )
+ return( POLARSSL_ERR_BASE64_INVALID_CHARACTER );
+
+- if( base64_dec_map[src[i]] < 64 && j != 0 )
++ if( base64_dec_map[c] < 64 && j != 0 )
+ return( POLARSSL_ERR_BASE64_INVALID_CHARACTER );
+
+ n++;
+@@ -160,11 +162,13 @@ int base64_decode( unsigned char *dst, int *dlen,
+
+ for( j = 3, n = x = 0, p = dst; i > 0; i--, src++ )
+ {
+- if( *src == '\r' || *src == '\n' )
++ unsigned char c = *src;
++
++ if( c == '\r' || c == '\n' || c == ' ' || c == '\t' )
+ continue;
+
+- j -= ( base64_dec_map[*src] == 64 );
+- x = (x << 6) | ( base64_dec_map[*src] & 0x3F );
++ j -= ( base64_dec_map[c] == 64 );
++ x = (x << 6) | ( base64_dec_map[c] & 0x3F );
+
+ if( ++n == 4 )
+ {
+
+commit a23a9d099ac9d112a6d961e00539bcf1bbb1ef7e
+Author: Jeremy Harris <jgh146exb@wizmail.org>
+Date: Wed Nov 25 17:49:03 2015 +0000
+
+ MIME: fix crash on filenames having null charset. Bug 1730
+
+ (cherry picked from commit 622dbd6a512d2c7786125e3b80e96a43e54b8e90)
+
+diff --git a/src/src/mime.c b/src/src/mime.c
+index 618364a..cc9ffb7 100644
+--- a/src/src/mime.c
++++ b/src/src/mime.c
+@@ -550,7 +550,8 @@ int size = 0, ptr = 0;
+ uschar * val = string_cat(NULL, &size, &ptr, US"=?", 2);
+ uschar c;
+
+-val = string_cat(val, &size, &ptr, charset, Ustrlen(charset));
++if (charset)
++ val = string_cat(val, &size, &ptr, charset, Ustrlen(charset));
+ val = string_cat(val, &size, &ptr, US"?Q?", 3);
+
+ while ((c = *fname))
+@@ -607,7 +608,7 @@ while(1)
+ if (!fgets(CS header, MIME_MAX_HEADER_SIZE, f))
+ {
+ /* Hit EOF or read error. Ugh. */
+- DEBUG(D_acl) debug_printf("Hit EOF ...\n");
++ DEBUG(D_acl) debug_printf("MIME: Hit EOF ...\n");
+ return rc;
+ }
+
+@@ -619,12 +620,12 @@ while(1)
+ if (Ustrncmp((header+2+Ustrlen(context->boundary)), "--", 2) == 0)
+ {
+ /* END boundary found */
+- DEBUG(D_acl) debug_printf("End boundary found %s\n",
++ DEBUG(D_acl) debug_printf("MIME: End boundary found %s\n",
+ context->boundary);
+ return rc;
+ }
+
+- DEBUG(D_acl) debug_printf("Next part with boundary %s\n",
++ DEBUG(D_acl) debug_printf("MIME: Next part with boundary %s\n",
+ context->boundary);
+ break;
+ }
+@@ -648,7 +649,7 @@ while(1)
+
+ for (q = p; *q != ';' && *q; q++) ;
+ *mh->value = string_copynlc(p, q-p);
+- DEBUG(D_acl) debug_printf("found %s MIME header, value is '%s'\n",
++ DEBUG(D_acl) debug_printf("MIME: found %s header, value is '%s'\n",
+ mh->name, *mh->value);
+
+ if (*(p = q)) p++; /* jump past the ; */
+@@ -666,7 +667,7 @@ while(1)
+ {
+ mime_parameter * mp;
+
+- DEBUG(D_acl) debug_printf(" considering paramlist '%s'\n", p);
++ DEBUG(D_acl) debug_printf("MIME: considering paramlist '%s'\n", p);
+
+ if ( !mime_filename
+ && strncmpic(CUS"content-disposition:", header, 20) == 0
+@@ -700,22 +701,27 @@ while(1)
+ uschar * s = q;
+
+ /* look for a ' in the "filename" */
+- while(*s != '\'' && *s) s++; /* s is ' or NUL */
++ while(*s != '\'' && *s) s++; /* s is 1st ' or NUL */
+
+ if ((size = s-q) > 0)
+- {
+ mime_filename_charset = string_copyn(q, size);
+- p = s;
+
+- while(*p == '\'' && *p) p++; /* p is after ' */
+- }
++ if (*(p = s)) p++;
++ while(*p == '\'') p++; /* p is after 2nd ' */
+ }
+ else
+ p = q;
+
++ DEBUG(D_acl) debug_printf("MIME: charset %s fname '%s'\n",
++ mime_filename_charset ? mime_filename_charset : US"<NULL>", p);
++
+ temp_string = rfc2231_to_2047(p, mime_filename_charset, &slen);
+- temp_string = rfc2047_decode(temp_string, FALSE, NULL, 32,
++ DEBUG(D_acl) debug_printf("MIME: 2047-name %s\n", temp_string);
++
++ temp_string = rfc2047_decode(temp_string, FALSE, NULL, ' ',
+ NULL, &err_msg);
++ DEBUG(D_acl) debug_printf("MIME: plain-name %s\n", temp_string);
++
+ size = Ustrlen(temp_string);
+
+ if (size == slen)
+@@ -750,7 +756,7 @@ while(1)
+ &dummy_errstr)
+ : NULL;
+ DEBUG(D_acl) debug_printf(
+- " found %s MIME parameter in %s header, value '%s'\n",
++ "MIME: found %s parameter in %s header, value '%s'\n",
+ mp->name, mh->name, *mp->value);
+
+ break; /* done matching param names */
+@@ -768,7 +774,7 @@ while(1)
+ if (decoding_failed) mime_filename = mime_fname_rfc2231;
+
+ DEBUG(D_acl) debug_printf(
+- " found %s MIME parameter in %s header, value is '%s'\n",
++ "MIME: found %s parameter in %s header, value is '%s'\n",
+ "filename", mh->name, mime_filename);
+ }
+ }
+@@ -809,8 +815,9 @@ while(1)
+ (nested_context.boundary != NULL) &&
+ (Ustrncmp(mime_content_type,"multipart",9) == 0) )
+ {
+- DEBUG(D_acl) debug_printf("Entering multipart recursion, boundary '%s'\n",
+- nested_context.boundary);
++ DEBUG(D_acl)
++ debug_printf("MIME: Entering multipart recursion, boundary '%s'\n",
++ nested_context.boundary);
+
+ nested_context.context =
+ context && context->context == MBC_ATTACHMENT
+
+commit 8d58e3501ce731c5d6d5efc9e76058832d4bc941
+Author: Jeremy Harris <jgh146exb@wizmail.org>
+Date: Thu Jan 21 15:37:08 2016 +0000
+
+ Cutthrough: Fix bug with dot-only line
+
+ (cherry picked from commit 1bc460a64a0de0766d21f4f8660c6597bc410cbc)
+
+diff --git a/src/src/receive.c b/src/src/receive.c
+index 64cf1ae..d1f81d3 100644
+--- a/src/src/receive.c
++++ b/src/src/receive.c
+@@ -835,7 +835,15 @@ while ((ch = (receive_getc)()) != EOF)
+ ch_state = 4;
+ continue;
+ }
+- ch_state = 1; /* The dot itself is removed */
++ /* The dot was removed at state 3. For a doubled dot, here, reinstate
++ it to cutthrough. The current ch, dot or not, is passed both to cutthrough
++ and to file below. */
++ if (ch == '.')
++ {
++ uschar c= ch;
++ (void) cutthrough_puts(&c, 1);
++ }
++ ch_state = 1;
+ break;
+
+ case 4: /* After [CR] LF . CR */