https://bugs.exim.org/show_bug.cgi?id=2199
Jeremy Harris <jgh146exb@???> changed:
What     |Removed    |Added
----------------------------------------------------------------------------
Status   |NEW        |ASSIGNED
Assignee |nigel@???  |jgh146exb@???
--- Comment #12 from Jeremy Harris <jgh146exb@???> ---
Please test this possible fix:
if (!store_extend(next->text, oldsize, header_size))
{
+ BOOL release_ok = store_last_get[store_pool] == next->text;
uschar *newtext = store_get(header_size);
memcpy(newtext, next->text, ptr);
- store_release(next->text);
+ if (release_ok) store_release(next->text);
next->text = newtext;
}
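Review bot: the added release_ok line needs a comment saying why the release is now conditional and why the comparison is taken before store_get(header_size) is called. The ordering is load-bearing: if store_get updates store_last_get[store_pool] (its name suggests so, but that code is not shown here), moving the test below the allocation would compare against newtext and never match. The comment should also state that when release_ok is false the old next->text block is deliberately left allocated, so that a later reader does not "fix" the apparent leak by restoring the unconditional store_release(next->text).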
Also: you originally said "exploitable to RCE". Is that "Remote Code
Execution"?
If so, how?
What about "uaf" - what is that?