diff options
Diffstat (limited to 'debian/patches/84_13-CVE-2020-28024-Heap-buffer-underflow-in-smtp_ungetc.patch')
-rw-r--r-- | debian/patches/84_13-CVE-2020-28024-Heap-buffer-underflow-in-smtp_ungetc.patch | 41 |
1 files changed, 41 insertions, 0 deletions
diff --git a/debian/patches/84_13-CVE-2020-28024-Heap-buffer-underflow-in-smtp_ungetc.patch b/debian/patches/84_13-CVE-2020-28024-Heap-buffer-underflow-in-smtp_ungetc.patch new file mode 100644 index 0000000..4545ff3 --- /dev/null +++ b/debian/patches/84_13-CVE-2020-28024-Heap-buffer-underflow-in-smtp_ungetc.patch @@ -0,0 +1,41 @@ +From 7ea481a6471cdad3a674b767f808357b3c7fc721 Mon Sep 17 00:00:00 2001 +From: Qualys Security Advisory <qsa@qualys.com> +Date: Sun, 21 Feb 2021 21:49:30 -0800 +Subject: [PATCH 13/29] CVE-2020-28024: Heap buffer underflow in smtp_ungetc() + +--- + src/smtp_in.c | 3 +++ + src/tls.c | 3 +++ + 2 files changed, 6 insertions(+) + +diff --git a/src/smtp_in.c b/src/smtp_in.c +index 16c3a3e33..bdcfde65f 100644 +--- a/src/smtp_in.c ++++ b/src/smtp_in.c +@@ -805,6 +805,9 @@ Returns: the character + int + smtp_ungetc(int ch) + { ++if (smtp_inptr <= smtp_inbuffer) ++ log_write(0, LOG_MAIN|LOG_PANIC_DIE, "buffer underflow in smtp_ungetc"); ++ + *--smtp_inptr = ch; + return ch; + } +diff --git a/src/tls.c b/src/tls.c +index f79bc3193..2a316fe59 100644 +--- a/src/tls.c ++++ b/src/tls.c +@@ -151,6 +151,9 @@ Returns: the character + int + tls_ungetc(int ch) + { ++if (ssl_xfer_buffer_lwm <= 0) ++ log_write(0, LOG_MAIN|LOG_PANIC_DIE, "buffer underflow in tls_ungetc"); ++ + ssl_xfer_buffer[--ssl_xfer_buffer_lwm] = ch; + return ch; + } +-- +2.30.2 + |