[hcoop/debian/exim4.git] / debian / patches / 84_06-CVE-2020-28013-Heap-buffer-overflow-in-parse_fix_phr.patch

From 0f6c3d3f7efb5d66dabf69c36e06912d89ff96fc Mon Sep 17 00:00:00 2001
From: Qualys Security Advisory <qsa@qualys.com>
Date: Sun, 21 Feb 2021 19:28:28 -0800
Subject: [PATCH 06/29] CVE-2020-28013: Heap buffer overflow in
 parse_fix_phrase()

Based on Phil Pennock's commit 8a50c88a.
---
 src/parse.c | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/src/parse.c b/src/parse.c
index 4b0efa0e1..e1e2e7358 100644
--- a/src/parse.c
+++ b/src/parse.c
@@ -1149,9 +1149,12 @@ while (s < end)
             {
             if (ss >= end) ss--;
             *t++ = '(';
-            Ustrncpy(t, s, ss-s);
-            t += ss-s;
-            s = ss;
+            if (ss > s)
+              {
+              Ustrncpy(t, s, ss-s);
+              t += ss-s;
+              s = ss;
+              }
             }
           }
 
-- 
2.30.2
Commit	Line	Data
0c0c20aa AM	1	From 0f6c3d3f7efb5d66dabf69c36e06912d89ff96fc Mon Sep 17 00:00:00 2001
	2	From: Qualys Security Advisory <qsa@qualys.com>
	3	Date: Sun, 21 Feb 2021 19:28:28 -0800
	4	Subject: [PATCH 06/29] CVE-2020-28013: Heap buffer overflow in
	5	parse_fix_phrase()
	6
	7	Based on Phil Pennock's commit 8a50c88a.
	8	---
	9	src/parse.c \| 9 ++++++---
	10	1 file changed, 6 insertions(+), 3 deletions(-)
	11
	12	diff --git a/src/parse.c b/src/parse.c
	13	index 4b0efa0e1..e1e2e7358 100644
	14	--- a/src/parse.c
	15	+++ b/src/parse.c
	16	@@ -1149,9 +1149,12 @@ while (s < end)
	17	{
	18	if (ss >= end) ss--;
	19	*t++ = '(';
	20	- Ustrncpy(t, s, ss-s);
	21	- t += ss-s;
	22	- s = ss;
	23	+ if (ss > s)
	24	+ {
	25	+ Ustrncpy(t, s, ss-s);
	26	+ t += ss-s;
	27	+ s = ss;
	28	+ }
	29	}
	30	}
	31
	32	--
	33	2.30.2
	34