git://git.exim.org
/
exim.git
/ commitdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
| commitdiff |
tree
raw
|
patch
| inline |
side by side
(parent:
15282dd
)
SECURITY: a second negative store guard
author
Phil Pennock
<phil+git@pennock-tech.com>
Fri, 30 Oct 2020 01:30:04 +0000
(21:30 -0400)
committer
Heiko Schlittermann (HS12-RIPE)
<hs@schlittermann.de>
Thu, 27 May 2021 19:30:28 +0000
(21:30 +0200)
(cherry picked from commit
706864e934c70941ce7a327f97b7649a1e5f5556
)
(cherry picked from commit
9f06dcd6848052f2524658bf871c60a8d48c7dbe
)
src/src/store.c
patch
|
blob
|
history
diff --git
a/src/src/store.c
b/src/src/store.c
index b5115fa135f10345a8fa1a12b51835842668c713..c664ad9f42060dd95cb4baa5f8a8fc00f5b100d6 100644
(file)
--- a/
src/src/store.c
+++ b/
src/src/store.c
@@
-428,6
+428,13
@@
int pool = tainted ? store_pool + POOL_TAINT_BASE : store_pool;
int inc = newsize - oldsize;
int rounded_oldsize = oldsize;
+if (newsize < 0)
+ {
+ log_write(0, LOG_MAIN|LOG_PANIC_DIE,
+ "bad memory extension requested (%d -> %d bytes) at %s %d",
+ oldsize, newsize, func, linenumber);
+ }
+
/* Check that the block being extended was already of the required taint status;
refuse to extend if not. */