HCoop / hcoop / debian / exim4.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Merge branch 'debian'
[hcoop/debian/exim4.git] / debian / patches / 84_06-CVE-2020-28013-Heap-buffer-overflow-in-parse_fix_phr.patch
diff --git a/debian/patches/84_06-CVE-2020-28013-Heap-buffer-overflow-in-parse_fix_phr.patch b/debian/patches/84_06-CVE-2020-28013-Heap-buffer-overflow-in-parse_fix_phr.patch
new file mode 100644 (file)
index 0000000..6acdecc
--- /dev/null
+++ b/debian/patches/84_06-CVE-2020-28013-Heap-buffer-overflow-in-parse_fix_phr.patch
@@ -0,0 +1,34 @@
+From 0f6c3d3f7efb5d66dabf69c36e06912d89ff96fc Mon Sep 17 00:00:00 2001
+From: Qualys Security Advisory <qsa@qualys.com>
+Date: Sun, 21 Feb 2021 19:28:28 -0800
+Subject: [PATCH 06/29] CVE-2020-28013: Heap buffer overflow in
+ parse_fix_phrase()
+
+Based on Phil Pennock's commit 8a50c88a.
+---
+ src/parse.c | 9 ++++++---
+ 1 file changed, 6 insertions(+), 3 deletions(-)
+
+diff --git a/src/parse.c b/src/parse.c
+index 4b0efa0e1..e1e2e7358 100644
+--- a/src/parse.c
++++ b/src/parse.c
+@@ -1149,9 +1149,12 @@ while (s < end)
+             {
+             if (ss >= end) ss--;
+             *t++ = '(';
+-            Ustrncpy(t, s, ss-s);
+-            t += ss-s;
+-            s = ss;
++            if (ss > s)
++              {
++              Ustrncpy(t, s, ss-s);
++              t += ss-s;
++              s = ss;
++              }
+             }
+           }
+-- 
+2.30.2
+
exim4 packaging