Gitweb:
https://git.exim.org/exim.git/commitdiff/cf8734c3fd0823053ae3605beb8681d0957cf4a6
Commit: cf8734c3fd0823053ae3605beb8681d0957cf4a6
Parent: afd37f7448663232f90217006956b1f37b6005bc
Author: Qualys Security Advisory <qsa@???>
AuthorDate: Sun Feb 21 21:49:30 2021 -0800
Committer: Heiko Schlittermann (HS12-RIPE) <hs@???>
CommitDate: Thu May 27 21:30:53 2021 +0200
CVE-2020-28024: Heap buffer underflow in smtp_ungetc()
(cherry picked from commit 998e5a9db121c3eff15cac16859bdffd7adcbe57)
(cherry picked from commit 638f7ca75694bcbb70cfbe7db2ef52af4aca5c83)
---
src/src/smtp_in.c | 3 +++
src/src/tls.c | 3 +++
2 files changed, 6 insertions(+)
diff --git a/src/src/smtp_in.c b/src/src/smtp_in.c
index 9efe7ba..647c231 100644
--- a/src/src/smtp_in.c
+++ b/src/src/smtp_in.c
@@ -831,6 +831,9 @@ Returns: the character
int
smtp_ungetc(int ch)
{
+if (smtp_inptr <= smtp_inbuffer)
+ log_write(0, LOG_MAIN|LOG_PANIC_DIE, "buffer underflow in smtp_ungetc");
+
*--smtp_inptr = ch;
return ch;
}
diff --git a/src/src/tls.c b/src/src/tls.c
index ddee95d..e073ead 100644
--- a/src/src/tls.c
+++ b/src/src/tls.c
@@ -457,6 +457,9 @@ Returns: the character
int
tls_ungetc(int ch)
{
+if (ssl_xfer_buffer_lwm <= 0)
+ log_write(0, LOG_MAIN|LOG_PANIC_DIE, "buffer underflow in tls_ungetc");
+
ssl_xfer_buffer[--ssl_xfer_buffer_lwm] = ch;
return ch;
}
