| 1 | From 0f6c3d3f7efb5d66dabf69c36e06912d89ff96fc Mon Sep 17 00:00:00 2001 |
| 2 | From: Qualys Security Advisory <qsa@qualys.com> |
| 3 | Date: Sun, 21 Feb 2021 19:28:28 -0800 |
| 4 | Subject: [PATCH 06/29] CVE-2020-28013: Heap buffer overflow in |
| 5 | parse_fix_phrase() |
| 6 | |
| 7 | Based on Phil Pennock's commit 8a50c88a. |
| 8 | --- |
| 9 | src/parse.c | 9 ++++++--- |
| 10 | 1 file changed, 6 insertions(+), 3 deletions(-) |
| 11 | |
| 12 | diff --git a/src/parse.c b/src/parse.c |
| 13 | index 4b0efa0e1..e1e2e7358 100644 |
| 14 | --- a/src/parse.c |
| 15 | +++ b/src/parse.c |
| 16 | @@ -1149,9 +1149,12 @@ while (s < end) |
| 17 | { |
| 18 | if (ss >= end) ss--; |
| 19 | *t++ = '('; |
| 20 | - Ustrncpy(t, s, ss-s); |
| 21 | - t += ss-s; |
| 22 | - s = ss; |
| 23 | + if (ss > s) |
| 24 | + { |
| 25 | + Ustrncpy(t, s, ss-s); |
| 26 | + t += ss-s; |
| 27 | + s = ss; |
| 28 | + } |
| 29 | } |
| 30 | } |
| 31 | |
| 32 | -- |
| 33 | 2.30.2 |
| 34 | |