[exim-cvs] SECURITY: fix Qualys CVE-2020-PFPZA

Author: Exim Git Commits Mailing List
Date:
To: exim-cvs
Subject: [exim-cvs] SECURITY: fix Qualys CVE-2020-PFPZA
Gitweb: https://git.exim.org/exim.git/commitdiff/bafc62583bc4ded96e3a66d2fb98c9d7afaa8768
Commit:     bafc62583bc4ded96e3a66d2fb98c9d7afaa8768
Parent:     cb08e2f59f2166660abc998a0554e64c61d4a0f5
Author:     Phil Pennock <phil+git@???>
AuthorDate: Thu Oct 29 20:42:40 2020 -0400
Committer:  Heiko Schlittermann (HS12-RIPE) <hs@???>
CommitDate: Thu May 27 21:30:26 2021 +0200


    SECURITY: fix Qualys CVE-2020-PFPZA


    (cherry picked from commit 29d7a8c25f182c91d5d30f124f9e296dce5c018e)
    (cherry picked from commit 0a6a7a3fd8464bae9ce0cf889e8eeb0bf0bab756)
---
 doc/doc-txt/ChangeLog | 3 +++
 src/src/parse.c       | 5 +++++
 2 files changed, 8 insertions(+)


diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog
index 07fba9c..95b95e7 100644
--- a/doc/doc-txt/ChangeLog
+++ b/doc/doc-txt/ChangeLog
@@ -273,6 +273,9 @@ PP/05 Fix security issue CVE-2020-PFPSN and guard against cmdline invoker
       providing a particularly obnoxious sender full name.
       Reported by Qualys.


+pp/06 Fix CVE-2020-28016 (PFPZA): Heap out-of-bounds write in parse_fix_phrase()
+
+

Exim version 4.94
-----------------
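
Review bot: The tag on the added entry is written `pp/06`, while the entry directly above it uses `PP/05`; use the uppercase form so the ChangeLog stays consistent and greppable by author tag. The preceding entry also ends with "Reported by Qualys.", and the same credit line would fit here since the commit subject attributes this issue to Qualys as well.
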
diff --git a/src/src/parse.c b/src/src/parse.c
index 7dfb9a7..8d689e8 100644
--- a/src/src/parse.c
+++ b/src/src/parse.c
@@ -984,6 +984,11 @@ if (i < len)

/* No non-printers; use the RFC 822 quoting rules */

+if (!len)
+ {
+ return string_copy_taint_function("", is_tainted(phrase));
+ }
+
buffer = store_get(len*4, is_tainted(phrase));

s = phrase;
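
Review bot: The added `if (!len)` guard ahead of `store_get(len*4, ...)` has no comment explaining why an empty phrase needs its own return path. With `len` equal to 0 the allocation request is zero bytes, and the ChangeLog entry describes a heap out-of-bounds write in parse_fix_phrase(), so a one-line comment tying the guard to that case would keep it from being removed as redundant later. It would also help to state next to the allocation what worst-case expansion `len*4` is meant to cover, so the bound can be checked against the quoting code that follows.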