path: root/debian/patches/84_13-CVE-2020-28024-Heap-buffer-underflow-in-smtp_ungetc.patch
From 7ea481a6471cdad3a674b767f808357b3c7fc721 Mon Sep 17 00:00:00 2001
From: Qualys Security Advisory <qsa@qualys.com>
Date: Sun, 21 Feb 2021 21:49:30 -0800
Subject: [PATCH 13/29] CVE-2020-28024: Heap buffer underflow in smtp_ungetc()

---
 src/smtp_in.c | 3 +++
 src/tls.c     | 3 +++
 2 files changed, 6 insertions(+)

diff --git a/src/smtp_in.c b/src/smtp_in.c
index 16c3a3e33..bdcfde65f 100644
--- a/src/smtp_in.c
+++ b/src/smtp_in.c
@@ -805,6 +805,9 @@ Returns:       the character
 int
 smtp_ungetc(int ch)
 {
+if (smtp_inptr <= smtp_inbuffer)
+  log_write(0, LOG_MAIN|LOG_PANIC_DIE, "buffer underflow in smtp_ungetc");
+
 *--smtp_inptr = ch;
 return ch;
 }
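Review bot: The guard added to smtp_ungetc() has no exit path of its own, so the `*--smtp_inptr = ch;` store still follows it unconditionally and the fix holds only while log_write() with LOG_PANIC_DIE never returns. The flag name suggests that is the intent, but nothing in this hunk shows it. A short comment such as `/* LOG_PANIC_DIE does not return, so the store below is never reached on underflow */` would make the dependency explicit for anyone who later changes the log flags. The same applies to the identical guard added to tls_ungetc() in src/tls.c. The function's header comment ("Returns: the character") begins outside the hunk and could also say that the call terminates the process when there is no previously read byte to push back.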
diff --git a/src/tls.c b/src/tls.c
index f79bc3193..2a316fe59 100644
--- a/src/tls.c
+++ b/src/tls.c
@@ -151,6 +151,9 @@ Returns:       the character
 int
 tls_ungetc(int ch)
 {
+if (ssl_xfer_buffer_lwm <= 0)
+  log_write(0, LOG_MAIN|LOG_PANIC_DIE, "buffer underflow in tls_ungetc");
+
 ssl_xfer_buffer[--ssl_xfer_buffer_lwm] = ch;
 return ch;
 }
-- 
2.30.2