diff options
author | Qualys Security Advisory <qsa@qualys.com> | 2021-02-21 18:54:16 -0800 |
---|---|---|
committer | Heiko Schlittermann (HS12-RIPE) <hs@schlittermann.de> | 2021-04-28 00:40:38 +0200 |
commit | 1c261b90f627f0489f7dfcf1e66b46cce67f477d (patch) | |
tree | 48ff429e4110c3d667dacbf2b22b0a1d97f69d94 | |
parent | 43c6f0b83200b7082353c50187ef75de3704580a (diff) | |
download | exim4-1c261b90f627f0489f7dfcf1e66b46cce67f477d.tar.gz |
CVE-2020-28025: Heap out-of-bounds read in pdkim_finish_bodyhash()
(cherry picked from commit cad30cd3fb96196e908e0d66b1b45fdf377c850c)
-rw-r--r-- | src/src/pdkim/pdkim.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/src/src/pdkim/pdkim.c b/src/src/pdkim/pdkim.c index 4c73d4fac..4320ecd49 100644 --- a/src/src/pdkim/pdkim.c +++ b/src/src/pdkim/pdkim.c @@ -825,7 +825,7 @@ for (pdkim_signature * sig = ctx->sig; sig; sig = sig->next) /* VERIFICATION --------------------------------------------------------- */ /* Be careful that the header sig included a bodyash */ - if ( sig->bodyhash.data + if (sig->bodyhash.data && sig->bodyhash.len == b->bh.len && memcmp(b->bh.data, sig->bodyhash.data, b->bh.len) == 0) { DEBUG(D_acl) debug_printf("DKIM [%s] Body hash compared OK\n", sig->domain); |