[exim-cvs] CVE-2020-28011: Heap buffer overflow in queue_run…

Author: Exim Git Commits Mailing List
Date:  
To: exim-cvs
Subject: [exim-cvs] CVE-2020-28011: Heap buffer overflow in queue_run()
Gitweb: https://git.exim.org/exim.git/commitdiff/a06ffc5a1b1a49e0e8cd6522ce5a005948333458
Commit:     a06ffc5a1b1a49e0e8cd6522ce5a005948333458
Parent:     748ff65b0d648e9d4d1077190a07679dd54ab231
Author:     Qualys Security Advisory <qsa@???>
AuthorDate: Sun Feb 21 19:22:33 2021 -0800
Committer:  Heiko Schlittermann (HS12-RIPE) <hs@???>
CommitDate: Thu May 27 21:30:46 2021 +0200


    CVE-2020-28011: Heap buffer overflow in queue_run()


    (cherry picked from commit 6e1fb878e95f8e6f838ffde5258c7a969c981865)
    (cherry picked from commit 08102cbe8102f99b31655aa0e926c45b427efe6d)
---
 src/src/queue.c | 14 ++++++++++----
 1 file changed, 10 insertions(+), 4 deletions(-)


diff --git a/src/src/queue.c b/src/src/queue.c
index 4c93c1d..5677845 100644
--- a/src/src/queue.c
+++ b/src/src/queue.c
@@ -396,12 +396,18 @@ if (!recurse)
     p += sprintf(CS p, " -q%s", extras);


   if (deliver_selectstring)
-    p += sprintf(CS p, " -R%s %s", f.deliver_selectstring_regex? "r" : "",
-      deliver_selectstring);
+    {
+    snprintf(CS p, big_buffer_size - (p - big_buffer), " -R%s %s",
+      f.deliver_selectstring_regex? "r" : "", deliver_selectstring);
+    p += Ustrlen(CCS p);
+    }


   if (deliver_selectstring_sender)
-    p += sprintf(CS p, " -S%s %s", f.deliver_selectstring_sender_regex? "r" : "",
-      deliver_selectstring_sender);
+    {
+    snprintf(CS p, big_buffer_size - (p - big_buffer), " -S%s %s",
+      f.deliver_selectstring_sender_regex? "r" : "", deliver_selectstring_sender);
+    p += Ustrlen(CCS p);
+    }


log_detail = string_copy(big_buffer);
if (*queue_name)
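
Review bot: the unchanged context line `p += sprintf(CS p, " -q%s", extras);` at the top of this hunk still writes into big_buffer with no bound, while the two selector writes below it are now limited by `big_buffer_size - (p - big_buffer)`. Whether extras is length-limited is not visible here; if it is not, it should get the same snprintf form. This also matters for the new code: if p were ever advanced past the end of big_buffer, the remaining-size expression would go negative and be converted to a very large size_t. Separately, the return value of snprintf is discarded in both new blocks, so an over-long deliver_selectstring or deliver_selectstring_sender is silently truncated before `log_detail = string_copy(big_buffer);`. Consider comparing the return value against the remaining size and either logging the truncation or rejecting the over-long selector. The -R and -S blocks differ only in the flag letter and variables, so a small helper would keep the bound calculation in one place.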