SECURITY: refuse too small store allocations

Negative sizes are definitely bad.
Optimistically, I'm saying that zero is bad too.  But perhaps we have something
doing that, expecting to be able to grow.  In which case we'll have to amend
this.

(cherry picked from commit 1c9afcec0043e2fb72607b2addb0613763705549)
(cherry picked from commit 6f5d7e5af8eff688c36f81334e4f063689561963)

diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog
index 95b95e7940f0f78fbc3326fe60ee94cd65082bf5..5a9c8f21441569268b3dcc907a95e5a70660c113 100644 (file)
--- a/doc/doc-txt/ChangeLog
+++ b/doc/doc-txt/ChangeLog
@@ -273,8 +273,10 @@ PP/05 Fix security issue CVE-2020-PFPSN and guard against cmdline invoker
       providing a particularly obnoxious sender full name.
       Reported by Qualys.
 
-pp/06 Fix CVE-2020-28016 (PFPZA): Heap out-of-bounds write in parse_fix_phrase()
+PP/06 Fix CVE-2020-28016 (PFPZA): Heap out-of-bounds write in parse_fix_phrase()
 
+PP/07 Refuse to allocate too little memory, block negative/zero allocations.
+      Security guard.
 
 
 Exim version 4.94

diff --git a/src/src/store.c b/src/src/store.c
index 22615ea08aef5c1259ad214bc7119397db1ab12a..b5115fa135f10345a8fa1a12b51835842668c713 100644 (file)
--- a/src/src/store.c
+++ b/src/src/store.c
@@ -268,6 +268,17 @@ store_get_3(int size, BOOL tainted, const char *func, int linenumber)
 {
 int pool = tainted ? store_pool + POOL_TAINT_BASE : store_pool;
 
+/* Ensure we've been asked to allocate memory.
+A negative size is a sign of a security problem.
+A zero size is also suspect (but we might have to allow it if we find our API
+expects it in some places). */
+if (size < 1)
+  {
+  log_write(0, LOG_MAIN|LOG_PANIC_DIE,
+            "bad memory allocation requested (%d bytes) at %s %d",
+            size, func, linenumber);
+  }
+
 /* Round up the size to a multiple of the alignment. Although this looks a
 messy statement, because "alignment" is a constant expression, the compiler can
 do a reasonable job of optimizing, especially if the value of "alignment" is a