authorPhil Pennock <phil+git@pennock-tech.com>2020-10-29 20:42:40 -0400
committerHeiko Schlittermann (HS12-RIPE) <hs@schlittermann.de>2021-04-28 00:40:20 +0200
commit0a6a7a3fd8464bae9ce0cf889e8eeb0bf0bab756 (patch)
tree1bd948a0b611cc32819678a08ae74272c7c96019
parent4e59a5d5c448e1fcdcbead268ffe6561adf0224d (diff)
downloadexim4-0a6a7a3fd8464bae9ce0cf889e8eeb0bf0bab756.tar.gz
SECURITY: fix Qualys CVE-2020-PFPZA
(cherry picked from commit 29d7a8c25f182c91d5d30f124f9e296dce5c018e)
-rw-r--r--doc/doc-txt/ChangeLog3
-rw-r--r--src/src/parse.c5
2 files changed, 8 insertions, 0 deletions
diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog
index c8b295b6e..0c7a8ad52 100644
--- a/doc/doc-txt/ChangeLog
+++ b/doc/doc-txt/ChangeLog
@@ -184,6 +184,9 @@ PP/05 Fix security issue CVE-2020-PFPSN and guard against cmdline invoker
providing a particularly obnoxious sender full name.
Reported by Qualys.
+pp/06 Fix CVE-2020-28016 (PFPZA): Heap out-of-bounds write in parse_fix_phrase()
+
+
Exim version 4.94
-----------------
diff --git a/src/src/parse.c b/src/src/parse.c
index ba5489ba9..c50c8156d 100644
--- a/src/src/parse.c
+++ b/src/src/parse.c
@@ -979,6 +979,11 @@ if (i < len)
/* No non-printers; use the RFC 822 quoting rules */
+if (!len)
+ {
+ return string_copy_taint_function("", is_tainted(phrase));
+ }
+
buffer = store_get(len*4, is_tainted(phrase));
s = phrase;
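Review bot: The added `if (!len)` guard catches only an exactly-zero length, so the `store_get(len*4, ...)` size on the following line is still computed without any range check. If `len` is a signed int (its declaration is outside this hunk), a negative or very large value would still produce a wrong allocation size; `if (len <= 0)` together with an upper bound on `len` before the multiplication would cover those cases. The guard also carries no comment linking it to the bug, so a later cleanup could drop it as redundant; I would add `/* Empty phrase: a zero-byte store_get() below would presumably be written past (CVE-2020-28016) */` above it. The enclosing function starts and ends outside the hunk, so whether the RFC 822 quoting path can ever need more than four bytes per input byte plus a terminator cannot be confirmed from these lines.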