SECURITY: fix Qualys CVE-2020-PFPZA
diff --git
a/src/src/parse.c
b/src/src/parse.c
index 18a6df1987ba4d7457f7a2f41d978e4f057cdd50..8d689e88adc349b59cafd110813d64779fc562fa 100644
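--- a/src/src/parse.c
+++ b/src/src/parse.c
@@ -984,6 +984,11 @@ if (i < len)
 /* No non-printers; use the RFC 822 quoting rules */
+if (!len)
+ {
+ return string_copy_taint_function("", is_tainted(phrase));
+ }
+
 buffer = store_get(len*4, is_tainted(phrase));
 s = phrase;
@@ -1129,9 +1134,17 @@ while (s < end)
 {
 if (ss >= end) ss--;
 *t++ = '(';
- Ustrncpy(t, s, ss-s);
- t += ss-s;
- s = ss;
+ if (ss < s)
+ {
+ /* Someone has ended the string with "<punct>(". */
+ ss = s;
+ }
+ else
+ {
+ Ustrncpy(t, s, ss-s);
+ t += ss-s;
+ s = ss;
+ }
 }
 }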
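Review bot: The new `if (!len)` guard in the first hunk (new line 987 onward) rejects only a length of exactly zero, so a negative `len`, or one large enough to overflow `len*4`, would still reach `store_get(len*4, is_tainted(phrase))` just below it. The declaration of `len` is outside the hunk; if it is a signed int, as the `!len` test and the multiplication suggest, the early return could be `if (len <= 0)` and the allocation could be preceded by a bound such as `if (len > INT_MAX/4)`. The guard would also benefit from a comment stating why an empty phrase must not reach the allocation, for example `/* Empty phrase: do not allocate a zero-sized buffer for the quoting code below */`; that rationale is inferred from the commit title, since the writes into `buffer` are not visible here. The enclosing function begins and ends outside both hunks.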