Commit | Line | Data |
---|---|---|
0c0c20aa AM |
1 | From 9db12ffa00aa1dcbe60eec543307f405e35cfe15 Mon Sep 17 00:00:00 2001 |
2 | From: Qualys Security Advisory <qsa@qualys.com> | |
3 | Date: Sun, 21 Feb 2021 18:54:16 -0800 | |
4 | Subject: [PATCH 01/29] CVE-2020-28025: Heap out-of-bounds read in | |
5 | pdkim_finish_bodyhash() | |
6 | ||
7 | --- | |
8 | src/pdkim/pdkim.c | 6 +++--- | |
9 | 1 file changed, 3 insertions(+), 3 deletions(-) | |
10 | ||
11 | diff --git a/src/pdkim/pdkim.c b/src/pdkim/pdkim.c | |
12 | index 594af03c5..e203311da 100644 | |
13 | --- a/src/pdkim/pdkim.c | |
14 | +++ b/src/pdkim/pdkim.c | |
15 | @@ -825,7 +825,7 @@ for (sig = ctx->sig; sig; sig = sig->next) | |
16 | /* VERIFICATION --------------------------------------------------------- */ | |
17 | /* Be careful that the header sig included a bodyash */ | |
18 | ||
19 | - if ( sig->bodyhash.data | |
20 | + if (sig->bodyhash.data && sig->bodyhash.len == b->bh.len | |
21 | && memcmp(b->bh.data, sig->bodyhash.data, b->bh.len) == 0) | |
22 | { | |
23 | DEBUG(D_acl) debug_printf("PDKIM [%s] Body hash compared OK\n", sig->domain); | |
24 | @@ -1524,7 +1524,7 @@ for (sig = ctx->sig; sig; sig = sig->next) | |
25 | do this hash incrementally. | |
26 | We don't need the hash we're calculating here for the GnuTLS and OpenSSL | |
27 | cases of RSA signing, since those library routines can do hash-and-sign. | |
28 | - | |
29 | + | |
30 | Some time in the future we could easily avoid doing the hash here for those | |
31 | cases (which will be common for a long while. We could also change from | |
32 | the current copy-all-the-headers-into-one-block, then call the hash-and-sign | |
33 | @@ -1779,7 +1779,7 @@ for (sig = ctx->sig; sig; sig = sig->next) | |
34 | ); | |
35 | goto NEXT_VERIFY; | |
36 | } | |
37 | - | |
38 | + | |
39 | /* Make sure sig uses supported DKIM version (only v1) */ | |
40 | if (sig->version != 1) | |
41 | { | |
42 | -- | |
43 | 2.30.2 | |
44 |