CVE-2020-28025: Heap out-of-bounds read in pdkim_finish_bodyhash()

author Qualys Security Advisory <qsa@qualys.com>

Mon, 22 Feb 2021 02:54:16 +0000 (18:54 -0800)

committer Heiko Schlittermann (HS12-RIPE) <hs@schlittermann.de>

Tue, 27 Apr 2021 22:40:38 +0000 (00:40 +0200)
author Qualys Security Advisory <qsa@qualys.com>
Mon, 22 Feb 2021 02:54:16 +0000 (18:54 -0800)
committer Heiko Schlittermann (HS12-RIPE) <hs@schlittermann.de>
Tue, 27 Apr 2021 22:40:38 +0000 (00:40 +0200)
diff --git a/src/src/pdkim/pdkim.c b/src/src/pdkim/pdkim.c

index 4c73d4fac9b82290516af70232c07a7b49b47204..4320ecd49cd2d1d41552a53f08ac952d5a1ac11f 100644 (file)
--- a/src/src/pdkim/pdkim.c
+++ b/src/src/pdkim/pdkim.c
@@ -825,7 +825,7 @@ for (pdkim_signature * sig = ctx->sig; sig; sig = sig->next)
    /* VERIFICATION --------------------------------------------------------- */
    /* Be careful that the header sig included a bodyash */
  
    /* VERIFICATION --------------------------------------------------------- */
    /* Be careful that the header sig included a bodyash */
  
-    if (  sig->bodyhash.data
+    if (sig->bodyhash.data && sig->bodyhash.len == b->bh.len
         && memcmp(b->bh.data, sig->bodyhash.data, b->bh.len) == 0)
        {
        DEBUG(D_acl) debug_printf("DKIM [%s] Body hash compared OK\n", sig->domain);
         && memcmp(b->bh.data, sig->bodyhash.data, b->bh.len) == 0)
        {
        DEBUG(D_acl) debug_printf("DKIM [%s] Body hash compared OK\n", sig->domain);
author	Qualys Security Advisory <qsa@qualys.com>
	Mon, 22 Feb 2021 02:54:16 +0000 (18:54 -0800)
committer	Heiko Schlittermann (HS12-RIPE) <hs@schlittermann.de>
	Tue, 27 Apr 2021 22:40:38 +0000 (00:40 +0200)