From 7ea481a6471cdad3a674b767f808357b3c7fc721 Mon Sep 17 00:00:00 2001 From: Qualys Security Advisory Date: Sun, 21 Feb 2021 21:49:30 -0800 Subject: [PATCH 13/29] CVE-2020-28024: Heap buffer underflow in smtp_ungetc() --- src/smtp_in.c | 3 +++ src/tls.c | 3 +++ 2 files changed, 6 insertions(+) diff --git a/src/smtp_in.c b/src/smtp_in.c index 16c3a3e33..bdcfde65f 100644 --- a/src/smtp_in.c +++ b/src/smtp_in.c @@ -805,6 +805,9 @@ Returns: the character int smtp_ungetc(int ch) { +if (smtp_inptr <= smtp_inbuffer) + log_write(0, LOG_MAIN|LOG_PANIC_DIE, "buffer underflow in smtp_ungetc"); + *--smtp_inptr = ch; return ch; } diff --git a/src/tls.c b/src/tls.c index f79bc3193..2a316fe59 100644 --- a/src/tls.c +++ b/src/tls.c @@ -151,6 +151,9 @@ Returns: the character int tls_ungetc(int ch) { +if (ssl_xfer_buffer_lwm <= 0) + log_write(0, LOG_MAIN|LOG_PANIC_DIE, "buffer underflow in tls_ungetc"); + ssl_xfer_buffer[--ssl_xfer_buffer_lwm] = ch; return ch; } -- 2.30.2