SECURITY: fix Qualys CVE-2020-PFPSN
authorPhil Pennock <phil+git@pennock-tech.com>
Thu, 29 Oct 2020 23:00:51 +0000 (19:00 -0400)
committerHeiko Schlittermann (HS12-RIPE) <hs@schlittermann.de>
Tue, 27 Apr 2021 22:40:20 +0000 (00:40 +0200)
(cherry picked from commit 93b6044e1636404f3463f3e1113098742e295542)

doc/doc-txt/ChangeLog
src/src/parse.c

index 7ed412ea910978110404c489f304e16fda14005e..c8b295b6ec985e692cdc480ce4a7d9171ba6098a 100644 (file)
@@ -180,6 +180,10 @@ PP/03 Impose security length checks on various command-line options.
 PP/04 Fix Linux security issue CVE-2020-SLCWD and guard against PATH_MAX
       better.  Reported by Qualys.
 
+PP/05 Fix security issue CVE-2020-PFPSN and guard against cmdline invoker
+      providing a particularly obnoxious sender full name.
+      Reported by Qualys.
+
 
 Exim version 4.94
 -----------------
index 39f5aaec1e5c55d7d0ab67141f3e24d7bd0c4c5b..ba5489ba9ad4c903706050cd6000c56204468c5c 100644 (file)
@@ -1124,9 +1124,17 @@ while (s < end)
             {
             if (ss >= end) ss--;
             *t++ = '(';
-            Ustrncpy(t, s, ss-s);
-            t += ss-s;
-            s = ss;
+            if (ss < s)
+              {
+              /* Someone has ended the string with "<punct>(". */
+              ss = s;
+              }
+            else
+              {
+              Ustrncpy(t, s, ss-s);
+              t += ss-s;
+              s = ss;
+              }
             }
           }
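Review bot: The comment in the new `if (ss < s)` branch names the triggering input but not the mechanism, which is what a later maintainer needs in order not to undo the guard. It looks like the `if (ss >= end) ss--;` two lines above steps `ss` back when `s` has already reached `end`, so `ss-s` goes negative and the old `Ustrncpy(t, s, ss-s)` would have received it as a very large unsigned count. I would expand the comment to something like `/* Input ended with "<punct>(": the ss-- above left ss < s, and a negative ss-s must never reach Ustrncpy as a length. */`. `*t++ = '('` still runs before the check, so in this case the output carries an unmatched "("; that is presumably acceptable, but worth confirming against whatever consumes the rewritten phrase. The file list shows only the ChangeLog and parse.c, so a regression test for the case the comment names would help. The enclosing loop and the sizing of the buffer behind `t` are outside the hunk.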