CVE-2020-28025: Heap out-of-bounds read in pdkim_finish_bodyhash()
authorQualys Security Advisory <qsa@qualys.com>
Mon, 22 Feb 2021 02:54:16 +0000 (18:54 -0800)
committerHeiko Schlittermann (HS12-RIPE) <hs@schlittermann.de>
Tue, 27 Apr 2021 22:40:38 +0000 (00:40 +0200)
(cherry picked from commit cad30cd3fb96196e908e0d66b1b45fdf377c850c)

src/src/pdkim/pdkim.c

index 4c73d4fac9b82290516af70232c07a7b49b47204..4320ecd49cd2d1d41552a53f08ac952d5a1ac11f 100644 (file)
@@ -825,7 +825,7 @@ for (pdkim_signature * sig = ctx->sig; sig; sig = sig->next)
   /* VERIFICATION --------------------------------------------------------- */
   /* Be careful that the header sig included a bodyash */
 
   /* VERIFICATION --------------------------------------------------------- */
   /* Be careful that the header sig included a bodyash */
 
-    if (  sig->bodyhash.data
+    if (sig->bodyhash.data && sig->bodyhash.len == b->bh.len
        && memcmp(b->bh.data, sig->bodyhash.data, b->bh.len) == 0)
       {
       DEBUG(D_acl) debug_printf("DKIM [%s] Body hash compared OK\n", sig->domain);
        && memcmp(b->bh.data, sig->bodyhash.data, b->bh.len) == 0)
       {
       DEBUG(D_acl) debug_printf("DKIM [%s] Body hash compared OK\n", sig->domain);