diff options
author | Qualys Security Advisory <qsa@qualys.com> | 2021-02-21 21:49:30 -0800 |
---|---|---|
committer | Heiko Schlittermann (HS12-RIPE) <hs@schlittermann.de> | 2021-04-28 00:40:46 +0200 |
commit | 638f7ca75694bcbb70cfbe7db2ef52af4aca5c83 (patch) | |
tree | e8e575e5731684e19995d7c5297e526250bfd082 | |
parent | 1241deaefb71c40436320af7d0bd04c7c9e54241 (diff) | |
download | exim4-638f7ca75694bcbb70cfbe7db2ef52af4aca5c83.tar.gz |
CVE-2020-28024: Heap buffer underflow in smtp_ungetc()
(cherry picked from commit 998e5a9db121c3eff15cac16859bdffd7adcbe57)
-rw-r--r-- | src/src/smtp_in.c | 3 | ||||
-rw-r--r-- | src/src/tls.c | 3 |
2 files changed, 6 insertions, 0 deletions
diff --git a/src/src/smtp_in.c b/src/src/smtp_in.c index a8b92d0be..258ec03e4 100644 --- a/src/src/smtp_in.c +++ b/src/src/smtp_in.c @@ -831,6 +831,9 @@ Returns: the character int smtp_ungetc(int ch) { +if (smtp_inptr <= smtp_inbuffer) + log_write(0, LOG_MAIN|LOG_PANIC_DIE, "buffer underflow in smtp_ungetc"); + *--smtp_inptr = ch; return ch; } diff --git a/src/src/tls.c b/src/src/tls.c index e5aabc6b4..d37a8f9ff 100644 --- a/src/src/tls.c +++ b/src/src/tls.c @@ -157,6 +157,9 @@ Returns: the character int tls_ungetc(int ch) { +if (ssl_xfer_buffer_lwm <= 0) + log_write(0, LOG_MAIN|LOG_PANIC_DIE, "buffer underflow in tls_ungetc"); + ssl_xfer_buffer[--ssl_xfer_buffer_lwm] = ch; return ch; } |