summaryrefslogtreecommitdiffstats
path: root/debian/patches/84_13-CVE-2020-28024-Heap-buffer-underflow-in-smtp_ungetc.patch
diff options
context:
space:
mode:
Diffstat (limited to 'debian/patches/84_13-CVE-2020-28024-Heap-buffer-underflow-in-smtp_ungetc.patch')
-rw-r--r--debian/patches/84_13-CVE-2020-28024-Heap-buffer-underflow-in-smtp_ungetc.patch41
1 files changed, 41 insertions, 0 deletions
diff --git a/debian/patches/84_13-CVE-2020-28024-Heap-buffer-underflow-in-smtp_ungetc.patch b/debian/patches/84_13-CVE-2020-28024-Heap-buffer-underflow-in-smtp_ungetc.patch
new file mode 100644
index 0000000..4545ff3
--- /dev/null
+++ b/debian/patches/84_13-CVE-2020-28024-Heap-buffer-underflow-in-smtp_ungetc.patch
@@ -0,0 +1,41 @@
+From 7ea481a6471cdad3a674b767f808357b3c7fc721 Mon Sep 17 00:00:00 2001
+From: Qualys Security Advisory <qsa@qualys.com>
+Date: Sun, 21 Feb 2021 21:49:30 -0800
+Subject: [PATCH 13/29] CVE-2020-28024: Heap buffer underflow in smtp_ungetc()
+
+---
+ src/smtp_in.c | 3 +++
+ src/tls.c | 3 +++
+ 2 files changed, 6 insertions(+)
+
+diff --git a/src/smtp_in.c b/src/smtp_in.c
+index 16c3a3e33..bdcfde65f 100644
+--- a/src/smtp_in.c
++++ b/src/smtp_in.c
+@@ -805,6 +805,9 @@ Returns: the character
+ int
+ smtp_ungetc(int ch)
+ {
++if (smtp_inptr <= smtp_inbuffer)
++ log_write(0, LOG_MAIN|LOG_PANIC_DIE, "buffer underflow in smtp_ungetc");
++
+ *--smtp_inptr = ch;
+ return ch;
+ }
+diff --git a/src/tls.c b/src/tls.c
+index f79bc3193..2a316fe59 100644
+--- a/src/tls.c
++++ b/src/tls.c
+@@ -151,6 +151,9 @@ Returns: the character
+ int
+ tls_ungetc(int ch)
+ {
++if (ssl_xfer_buffer_lwm <= 0)
++ log_write(0, LOG_MAIN|LOG_PANIC_DIE, "buffer underflow in tls_ungetc");
++
+ ssl_xfer_buffer[--ssl_xfer_buffer_lwm] = ch;
+ return ch;
+ }
+--
+2.30.2
+