1 | From 9970ba4d8b9477d98c722221b6b7b97f03104b9f Mon Sep 17 00:00:00 2001 |
2 | From: Qualys Security Advisory <qsa@qualys.com> | |
3 | Date: Sun, 21 Feb 2021 19:22:33 -0800 | |
4 | Subject: [PATCH 05/29] CVE-2020-28011: Heap buffer overflow in queue_run() | |
5 | ||
6 | --- | |
7 | src/queue.c | 14 ++++++++++---- | |
8 | 1 file changed, 10 insertions(+), 4 deletions(-) | |
9 | ||
10 | diff --git a/src/queue.c b/src/queue.c | |
11 | index 92109ef92..41af5b85e 100644 | |
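--- a/src/queue.c
+++ b/src/queue.c
@@ -416,12 +416,18 @@ if (!recurse)
 p += sprintf(CS p, " -q%s", extras);
 
 if (deliver_selectstring)
- p += sprintf(CS p, " -R%s %s", f.deliver_selectstring_regex? "r" : "",
- deliver_selectstring);
+ {
+ snprintf(CS p, big_buffer_size - (p - big_buffer), " -R%s %s",
+ f.deliver_selectstring_regex? "r" : "", deliver_selectstring);
+ p += strlen(CCS p);
+ }
 
 if (deliver_selectstring_sender)
- p += sprintf(CS p, " -S%s %s", f.deliver_selectstring_sender_regex? "r" : "",
- deliver_selectstring_sender);
+ {
+ snprintf(CS p, big_buffer_size - (p - big_buffer), " -S%s %s",
+ f.deliver_selectstring_sender_regex? "r" : "", deliver_selectstring_sender);
+ p += strlen(CCS p);
+ }
 
 log_detail = string_copy(big_buffer);
 if (*queue_name)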
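Review bot: Both new blocks advance with `p += strlen(CCS p)` instead of using snprintf()'s return value, and nothing in the hunk says why; a later tidy-up back to `p += snprintf(...)` would move p past the end of big_buffer on truncation and bring the overflow back. I would add a comment above each call such as `/* advance by what was actually written; snprintf() returns the untruncated length */`. Truncation is also silent, so an over-long -R or -S selector is cut short in log_detail with no indication; if that matters for the log record, compare the return value with the remaining space and mark the truncation. The size argument `big_buffer_size - (p - big_buffer)` is only valid while p is still inside the buffer, which depends on the unchanged `sprintf(CS p, " -q%s", extras)` above; extras is not defined in this hunk, so its bound should be confirmed. The enclosing block starts and ends outside the hunk.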
37 | -- | |
38 | 2.30.2 | |
39 |