| 1 | From 7ea481a6471cdad3a674b767f808357b3c7fc721 Mon Sep 17 00:00:00 2001 |
| 2 | From: Qualys Security Advisory <qsa@qualys.com> |
| 3 | Date: Sun, 21 Feb 2021 21:49:30 -0800 |
| 4 | Subject: [PATCH 13/29] CVE-2020-28024: Heap buffer underflow in smtp_ungetc() |
| 5 | |
| 6 | --- |
| 7 | src/smtp_in.c | 3 +++ |
| 8 | src/tls.c | 3 +++ |
| 9 | 2 files changed, 6 insertions(+) |
| 10 | |
| 11 | diff --git a/src/smtp_in.c b/src/smtp_in.c |
| 12 | index 16c3a3e33..bdcfde65f 100644 |
| 13 | --- a/src/smtp_in.c |
| 14 | +++ b/src/smtp_in.c |
| 15 | @@ -805,6 +805,9 @@ Returns: the character |
| 16 | int |
| 17 | smtp_ungetc(int ch) |
| 18 | { |
| 19 | +if (smtp_inptr <= smtp_inbuffer) |
| 20 | + log_write(0, LOG_MAIN|LOG_PANIC_DIE, "buffer underflow in smtp_ungetc"); |
| 21 | + |
| 22 | *--smtp_inptr = ch; |
| 23 | return ch; |
| 24 | } |
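Review bot: The store `*--smtp_inptr = ch;` right after the new guard is safe only if `log_write()` called with `LOG_PANIC_DIE` never returns, and nothing in the hunk states that assumption; the same holds for `ssl_xfer_buffer[--ssl_xfer_buffer_lwm] = ch;` in `tls_ungetc()` in src/tls.c. I would add a comment above each check, for example `/* LOG_PANIC_DIE terminates the process, so the store below is never reached on underflow */`. The header comments, of which only `Returns: the character` is visible in the hunk context, should also say that calling the function with nothing to push back is fatal. Because the underflow is presumably reachable from data sent by the peer, the two panic-log strings are what an operator would alert on, so they are worth keeping stable and distinct per function as they are now.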
| 25 | diff --git a/src/tls.c b/src/tls.c |
| 26 | index f79bc3193..2a316fe59 100644 |
| 27 | --- a/src/tls.c |
| 28 | +++ b/src/tls.c |
| 29 | @@ -151,6 +151,9 @@ Returns: the character |
| 30 | int |
| 31 | tls_ungetc(int ch) |
| 32 | { |
| 33 | +if (ssl_xfer_buffer_lwm <= 0) |
| 34 | + log_write(0, LOG_MAIN|LOG_PANIC_DIE, "buffer underflow in tls_ungetc"); |
| 35 | + |
| 36 | ssl_xfer_buffer[--ssl_xfer_buffer_lwm] = ch; |
| 37 | return ch; |
| 38 | } |
| 39 | -- |
| 40 | 2.30.2 |
| 41 | |