authorPhil Pennock <phil+git@pennock-tech.com>2020-10-29 19:00:51 -0400
committerHeiko Schlittermann (HS12-RIPE) <hs@schlittermann.de>2021-04-28 00:40:20 +0200
commit4e59a5d5c448e1fcdcbead268ffe6561adf0224d (patch)
treefcc54d3e8908bcc27846dbdfddbea01f39690a8e
parent6d2cfb575c95c1b81597d6b9eb2904cd695d7e4a (diff)
SECURITY: fix Qualys CVE-2020-PFPSN
(cherry picked from commit 93b6044e1636404f3463f3e1113098742e295542)
-rw-r--r--doc/doc-txt/ChangeLog4
-rw-r--r--src/src/parse.c14
2 files changed, 15 insertions, 3 deletions
diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog
index 7ed412ea9..c8b295b6e 100644
--- a/doc/doc-txt/ChangeLog
+++ b/doc/doc-txt/ChangeLog
@@ -180,6 +180,10 @@ PP/03 Impose security length checks on various command-line options.
PP/04 Fix Linux security issue CVE-2020-SLCWD and guard against PATH_MAX
better. Reported by Qualys.
+PP/05 Fix security issue CVE-2020-PFPSN and guard against cmdline invoker
+ providing a particularly obnoxious sender full name.
+ Reported by Qualys.
+
Exim version 4.94
-----------------
diff --git a/src/src/parse.c b/src/src/parse.c
index 39f5aaec1..ba5489ba9 100644
--- a/src/src/parse.c
+++ b/src/src/parse.c
@@ -1124,9 +1124,17 @@ while (s < end)
{
if (ss >= end) ss--;
*t++ = '(';
- Ustrncpy(t, s, ss-s);
- t += ss-s;
- s = ss;
+ if (ss < s)
+ {
+ /* Someone has ended the string with "<punct>(". */
+ ss = s;
+ }
+ else
+ {
+ Ustrncpy(t, s, ss-s);
+ t += ss-s;
+ s = ss;
+ }
}
}
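Review bot: The comment on the new `if (ss < s)` branch names the input that triggers it but not the hazard, which is that `ss-s` is then negative and is converted to a very large unsigned length when passed to `Ustrncpy`. I would spell that out, e.g. `/* String ended with "<punct>(": ss was stepped back below s, so ss-s would be negative and become a huge length in Ustrncpy; copy nothing. */`. The `ss = s;` assignment is not read again within the hunk, so it appears to serve only to restore the invariant ss >= s, and a word saying so would help the next reader. In the else branch the write through `t` is still bounded only by the source span; any capacity check on the destination lies outside the hunk, as does the start of the enclosing `while (s < end)` loop, so that is worth confirming when backporting this fix.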