Gitweb:
https://git.exim.org/exim.git/commitdiff/cb08e2f59f2166660abc998a0554e64c61d4a0f5
Commit: cb08e2f59f2166660abc998a0554e64c61d4a0f5
Parent: 5dc522966ae58ac845dc280495af651c9858f152
Author: Phil Pennock <phil+git@???>
AuthorDate: Thu Oct 29 19:00:51 2020 -0400
Committer: Heiko Schlittermann (HS12-RIPE) <hs@???>
CommitDate: Thu May 27 21:30:25 2021 +0200
SECURITY: fix Qualys CVE-2020-PFPSN
(cherry picked from commit 93b6044e1636404f3463f3e1113098742e295542)
(cherry picked from commit 4e59a5d5c448e1fcdcbead268ffe6561adf0224d)
---
doc/doc-txt/ChangeLog | 4 ++++
src/src/parse.c | 14 +++++++++++---
2 files changed, 15 insertions(+), 3 deletions(-)
diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog
index ba9cc1c..07fba9c 100644
--- a/doc/doc-txt/ChangeLog
+++ b/doc/doc-txt/ChangeLog
@@ -269,6 +269,10 @@ PP/03 Impose security length checks on various command-line options.
PP/04 Fix Linux security issue CVE-2020-SLCWD and guard against PATH_MAX
better. Reported by Qualys.
+PP/05 Fix security issue CVE-2020-PFPSN and guard against cmdline invoker
+ providing a particularly obnoxious sender full name.
+ Reported by Qualys.
+
Exim version 4.94
-----------------
diff --git a/src/src/parse.c b/src/src/parse.c
index 18a6df1..7dfb9a7 100644
--- a/src/src/parse.c
+++ b/src/src/parse.c
@@ -1129,9 +1129,17 @@ while (s < end)
{
if (ss >= end) ss--;
*t++ = '(';
- Ustrncpy(t, s, ss-s);
- t += ss-s;
- s = ss;
+ if (ss < s)
+ {
+ /* Someone has ended the string with "<punct>(". */
+ ss = s;
+ }
+ else
+ {
+ Ustrncpy(t, s, ss-s);
+ t += ss-s;
+ s = ss;
+ }
}
}
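Review bot: The comment in the new `if (ss < s)` branch names the input that triggers it but not the hazard it guards against, so a later cleanup could easily fold the branch away. I would spell it out, e.g. `/* Input ended with "<punct>(": the ss-- above left ss one before s, so ss-s is negative and must never reach Ustrncpy() as a length. */`. Within the visible lines nothing reads `ss` after `ss = s;`, so the assignment looks like a dead store kept for symmetry; if that is the intent, saying so in the same comment would help. The enclosing `while (s < end)` loop and the declaration of the destination behind `t` are outside this hunk, so whether the remaining `*t++ = '('` write and the `else` copy are bounded by the output buffer's size cannot be confirmed from here and is worth checking alongside this fix.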