0c0c20aa AM |
1 | From 7ea481a6471cdad3a674b767f808357b3c7fc721 Mon Sep 17 00:00:00 2001 |
2 | From: Qualys Security Advisory <qsa@qualys.com> | |
3 | Date: Sun, 21 Feb 2021 21:49:30 -0800 | |
4 | Subject: [PATCH 13/29] CVE-2020-28024: Heap buffer underflow in smtp_ungetc() | |
5 | ||
6 | --- | |
7 | src/smtp_in.c | 3 +++ | |
8 | src/tls.c | 3 +++ | |
9 | 2 files changed, 6 insertions(+) | |
10 | ||
11 | diff --git a/src/smtp_in.c b/src/smtp_in.c | |
12 | index 16c3a3e33..bdcfde65f 100644 | |
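--- a/src/smtp_in.c
+++ b/src/smtp_in.c
@@ -805,6 +805,9 @@ Returns: the character
 int
 smtp_ungetc(int ch)
 {
+if (smtp_inptr <= smtp_inbuffer)
+ log_write(0, LOG_MAIN|LOG_PANIC_DIE, "buffer underflow in smtp_ungetc");
+
 *--smtp_inptr = ch;
 return ch;
 }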
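Review bot: The new guard in smtp_ungetc() is only safe if log_write() never returns when LOG_PANIC_DIE is set, and nothing in the hunk says so: the store `*--smtp_inptr = ch;` still follows the `if` unconditionally. The flag name suggests that is the intent, but the hunk does not show it. I would add a comment above the check such as `/* LOG_PANIC_DIE: log_write() does not return, so the store below is never reached with smtp_inptr at the start of smtp_inbuffer */`. The header comment above the function should also say that the process is terminated on underflow; only its `Returns: the character` line is visible in the hunk header, the rest lies outside the hunk. The same applies to the matching check in tls_ungetc() in src/tls.c.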
25 | diff --git a/src/tls.c b/src/tls.c | |
26 | index f79bc3193..2a316fe59 100644 | |
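--- a/src/tls.c
+++ b/src/tls.c
@@ -151,6 +151,9 @@ Returns: the character
 int
 tls_ungetc(int ch)
 {
+if (ssl_xfer_buffer_lwm <= 0)
+ log_write(0, LOG_MAIN|LOG_PANIC_DIE, "buffer underflow in tls_ungetc");
+
 ssl_xfer_buffer[--ssl_xfer_buffer_lwm] = ch;
 return ch;
 }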
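Review bot: The panic message in tls_ungetc() is a fixed string, so a log entry produced by this check does not say which connection caused it; the same holds for the smtp_ungetc() message in src/smtp_in.c. The subject line classifies the underflow as a CVE, so an operator triaging such an entry will want to tie it to a peer. Unless log_write() adds that context itself (not visible here), I would carry it in the message, e.g. `log_write(0, LOG_MAIN|LOG_PANIC_DIE, "buffer underflow in tls_ungetc (peer: %s)", <peer-address-variable>);`, where the placeholder stands for whatever this file already uses to name the remote host. Because the process dies at this point, the log line is the only record left for detection.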
39 | -- | |
40 | 2.30.2 | |
41 |