HCoop / hcoop / debian / exim4.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Merge branch 'debian'
[hcoop/debian/exim4.git] / debian / patches / 82_Fix-base64d-buffer-size-CVE-2018-6789.patch
1 Description: Fix base64d() buffer size (CVE-2018-6789)
2 Credits for discovering this bug: Meh Chang <meh@devco.re>
3 Origin: vendor
4 Bug-Debian: https://bugs.debian.org/890000
5 Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2018-6789
6 Forwarded: not-needed
7 Author: "Heiko Schlittermann (HS12-RIPE)" <hs@schlittermann.de>
8 Last-Update: 2018-02-10
9 ---
10
11 --- a/src/base64.c
12 +++ b/src/base64.c
13 @@ -152,10 +152,14 @@ static uschar dec64table[] = {
14 int
15 b64decode(uschar *code, uschar **ptr)
16 {
17 +
18 int x, y;
19 -uschar *result = store_get(3*(Ustrlen(code)/4) + 1);
20 +uschar *result;
21
22 -*ptr = result;
23 +{
24 + int l = Ustrlen(code);
25 + *ptr = result = store_get(1 + l/4 * 3 + l%4);
26 +}
27
28 /* Each cycle of the loop handles a quantum of 4 input bytes. For the last
29 quantum this may decode to 1, 2, or 3 output bytes. */
exim4 packaging