diff options
author | Heiko Schlittermann (HS12-RIPE) <hs@schlittermann.de> | 2021-03-29 22:44:47 +0200 |
---|---|---|
committer | Heiko Schlittermann (HS12-RIPE) <hs@schlittermann.de> | 2021-04-28 00:40:41 +0200 |
commit | 71585e8fcb8704a9f431f5a8d019280cccaad069 (patch) | |
tree | 46f3f0df90b7f8f1e2e4d6cf381e4b302dff2899 | |
parent | 08102cbe8102f99b31655aa0e926c45b427efe6d (diff) | |
download | exim4-71585e8fcb8704a9f431f5a8d019280cccaad069.tar.gz |
CVE-2020-28013: Heap buffer overflow in parse_fix_phrase()
Based on Phil Pennock's 8a50c88a, done by Qualys
(cherry picked from commit 8161c16ec7320ac6164954bade23179a0ed095eb)
-rw-r--r-- | src/src/parse.c | 7 |
1 files changed, 1 insertions, 6 deletions
diff --git a/src/src/parse.c b/src/src/parse.c index 3f1ba222f..32b42cd29 100644 --- a/src/src/parse.c +++ b/src/src/parse.c @@ -1129,12 +1129,7 @@ while (s < end) { if (ss >= end) ss--; *t++ = '('; - if (ss < s) - { - /* Someone has ended the string with "<punct>(". */ - ss = s; - } - else + if (ss > s) { Ustrncpy(t, s, ss-s); t += ss-s; |