CVE-2020-28023: Out-of-bounds read in smtp_setup_msg()

[exim.git] / src / src / macros.h

diff --git a/src/src/macros.h b/src/src/macros.h
index cebbf40857ab128197ec0b05199be5024cb60559..b2f86ed5341868f39f2c4360f977eccf0e51abc6 100644 (file)
--- a/src/src/macros.h
+++ b/src/src/macros.h
@@ -150,10 +150,13 @@ enough to hold all the headers from a normal kind of message. */
 /* The size of the circular buffer that remembers recent SMTP commands */
 
 #define SMTP_HBUFF_SIZE 20
+#define SMTP_HBUFF_PREV(n)     ((n) ? (n)-1 : SMTP_HBUFF_SIZE-1)
 
 /* The initial size of a big buffer for use in various places. It gets put
 into big_buffer_size and in some circumstances increased. It should be at least
-as long as the maximum path length. */
+as long as the maximum path length PLUS room for string additions.
+Let's go with "at least twice as large as maximum path length".
+*/
 
 #ifdef AUTH_HEIMDAL_GSSAPI
                /* RFC 4121 section 5.2, SHOULD support 64K input buffers */
@@ -162,10 +165,12 @@ as long as the maximum path length. */
 # define __BIG_BUFFER_SIZE 16384
 #endif
 
-#if defined PATH_MAX && PATH_MAX > __BIG_BUFFER_SIZE
-# define BIG_BUFFER_SIZE PATH_MAX
-#elif defined MAXPATHLEN && MAXPATHLEN > __BIG_BUFFER_SIZE
-# define BIG_BUFFER_SIZE MAXPATHLEN
+#ifndef PATH_MAX
+/* exim.h will have ensured this exists before including us. */
+# error headers confusion, PATH_MAX missing in macros.h
+#endif
+#if (PATH_MAX*2) > __BIG_BUFFER_SIZE
+# define BIG_BUFFER_SIZE (PATH_MAX*2)
 #else
 # define BIG_BUFFER_SIZE __BIG_BUFFER_SIZE
 #endif