SECURITY: fix Qualys CVE-2020-PFPZA
authorPhil Pennock <phil+git@pennock-tech.com>
Fri, 30 Oct 2020 00:42:40 +0000 (20:42 -0400)
committerHeiko Schlittermann (HS12-RIPE) <hs@schlittermann.de>
Tue, 27 Apr 2021 22:40:20 +0000 (00:40 +0200)
(cherry picked from commit 29d7a8c25f182c91d5d30f124f9e296dce5c018e)

doc/doc-txt/ChangeLog
src/src/parse.c

index c8b295b6ec985e692cdc480ce4a7d9171ba6098a..0c7a8ad528212b45b4d6a2044821cb8c3c16a269 100644 (file)
@@ -184,6 +184,9 @@ PP/05 Fix security issue CVE-2020-PFPSN and guard against cmdline invoker
       providing a particularly obnoxious sender full name.
       Reported by Qualys.
 
+pp/06 Fix CVE-2020-28016 (PFPZA): Heap out-of-bounds write in parse_fix_phrase()
+
+
 
 Exim version 4.94
 -----------------
index ba5489ba9ad4c903706050cd6000c56204468c5c..c50c8156d5997bc3b70e921ed5322cdd6a4e6793 100644 (file)
@@ -979,6 +979,11 @@ if (i < len)
 
 /* No non-printers; use the RFC 822 quoting rules */
 
+if (!len)
+  {
+  return string_copy_taint_function("", is_tainted(phrase));
+  }
+
 buffer = store_get(len*4, is_tainted(phrase));
 
 s = phrase;