CVE-2020-28024: Heap buffer underflow in smtp_ungetc()

[exim.git] / src / src / tls.c

diff --git a/src/src/tls.c b/src/src/tls.c
index f9509121804ee997c1c3035cc349a4b60c3483ac..d37a8f9ff3ca8362cc8a089c5b796338d64210bd 100644 (file)
--- a/src/src/tls.c
+++ b/src/src/tls.c
@@ -3,6 +3,7 @@
 *************************************************/
 
 /* Copyright (c) University of Cambridge 1995 - 2018 */
+/* Copyright (c) The Exim Maintainers 2020 */
 /* See the file NOTICE for conditions of use and distribution. */
 
 /* This module provides TLS (aka SSL) support for Exim. The code for OpenSSL is
@@ -156,6 +157,9 @@ Returns:       the character
 int
 tls_ungetc(int ch)
 {
+if (ssl_xfer_buffer_lwm <= 0)
+  log_write(0, LOG_MAIN|LOG_PANIC_DIE, "buffer underflow in tls_ungetc");
+
 ssl_xfer_buffer[--ssl_xfer_buffer_lwm] = ch;
 return ch;
 }
@@ -441,7 +445,7 @@ else if (!nowarn && !tls_certificate)
 oldsignal = signal(SIGCHLD, SIG_DFL);
 
 fflush(NULL);
-if ((pid = fork()) < 0)
+if ((pid = exim_fork(US"cipher-validate")) < 0)
   log_write(0, LOG_MAIN|LOG_PANIC_DIE, "fork failed for TLS check");
 
 if (pid == 0)
@@ -455,7 +459,7 @@ if (pid == 0)
     log_write(0, LOG_PANIC_DIE|LOG_CONFIG,
         "tls_require_ciphers invalid: %s", errmsg);
   fflush(NULL);
-  exim_underbar_exit(0);
+  exim_underbar_exit(EXIT_SUCCESS);
   }
 
 do {