debian/patches/84_05-CVE-2020-28011-Heap-buffer-overflow-in-queue_run.patch

   1 From 9970ba4d8b9477d98c722221b6b7b97f03104b9f Mon Sep 17 00:00:00 2001
   2 From: Qualys Security Advisory <qsa@qualys.com>
   3 Date: Sun, 21 Feb 2021 19:22:33 -0800
   4 Subject: [PATCH 05/29] CVE-2020-28011: Heap buffer overflow in queue_run()
   5
   6 ---
   7  src/queue.c | 14 ++++++++++----
   8  1 file changed, 10 insertions(+), 4 deletions(-)
   9
  10 diff --git a/src/queue.c b/src/queue.c
  11 index 92109ef92..41af5b85e 100644
  12 --- a/src/queue.c
  13 +++ b/src/queue.c
  14 @@ -416,12 +416,18 @@ if (!recurse)
  15      p += sprintf(CS p, " -q%s", extras);
  16
  17    if (deliver_selectstring)
  18 -    p += sprintf(CS p, " -R%s %s", f.deliver_selectstring_regex? "r" : "",
  19 -      deliver_selectstring);
  20 +    {
  21 +    snprintf(CS p, big_buffer_size - (p - big_buffer), " -R%s %s",
  22 +      f.deliver_selectstring_regex? "r" : "", deliver_selectstring);
  23 +    p += strlen(CCS p);
  24 +    }
  25
  26    if (deliver_selectstring_sender)
  27 -    p += sprintf(CS p, " -S%s %s", f.deliver_selectstring_sender_regex? "r" : "",
  28 -      deliver_selectstring_sender);
  29 +    {
  30 +    snprintf(CS p, big_buffer_size - (p - big_buffer), " -S%s %s",
  31 +      f.deliver_selectstring_sender_regex? "r" : "", deliver_selectstring_sender);
  32 +    p += strlen(CCS p);
  33 +    }
  34
  35    log_detail = string_copy(big_buffer);
  36    if (*queue_name)
  37 --
  38 2.30.2
  39