SECURITY: fix Qualys CVE-2020-SLCWD

[exim.git] / src / src / exim.c

diff --git a/src/src/exim.c b/src/src/exim.c
index 49f7e5f3640a18ae5eefa5924da41bdd4430e036..1b7529c73b493d643a78342cd2aac6cc3e089633 100644 (file)
--- a/src/src/exim.c
+++ b/src/src/exim.c
@@ -3870,7 +3870,13 @@ during readconf_main() some expansion takes place already. */
 
 /* Store the initial cwd before we change directories.  Can be NULL if the
 dir has already been unlinked. */
+errno = 0;
 initial_cwd = os_getcwd(NULL, 0);
+if (!initial_cwd && errno)
+  exim_fail("exim: getting initial cwd failed: %s\n", strerror(errno));
+
+if (initial_cwd && (strlen(CCS initial_cwd) >= BIG_BUFFER_SIZE))
+  exim_fail("exim: initial cwd is far too long (%d)\n", Ustrlen(CCS initial_cwd));
 
 /* checking:
     -be[m] expansion test        -