CVE-2020-28013: Heap buffer overflow in parse_fix_phrase()
authorHeiko Schlittermann (HS12-RIPE) <hs@schlittermann.de>
Mon, 29 Mar 2021 20:44:47 +0000 (22:44 +0200)
committerHeiko Schlittermann (HS12-RIPE) <hs@schlittermann.de>
Tue, 27 Apr 2021 22:40:41 +0000 (00:40 +0200)
Based on Phil Pennock's 8a50c88a, done by Qualys

(cherry picked from commit 8161c16ec7320ac6164954bade23179a0ed095eb)

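--- a/src/src/parse.c
+++ b/src/src/parse.c
@@ -1129,12 +1129,7 @@ while (s < end)
             {
             if (ss >= end) ss--;
             *t++ = '(';
-            if (ss < s)
-              {
-              /* Someone has ended the string with "<punct>(". */
-              ss = s;
-              }
-            else
+            if (ss > s)
               {
               Ustrncpy(t, s, ss-s);
               t += ss-s;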
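Review bot: The new guard `if (ss > s)` drops the only comment that explained when `ss` can fall behind `s` (input ending in "<punct>("), so the reason the copy must be skipped is no longer recorded next to `Ustrncpy(t, s, ss-s)`. I would keep a comment above the guard, e.g. `/* ss may be <= s when the string ends with "<punct>("; ss-s must be positive before it is used as a copy length */`. The removed branch also reset `ss = s`, which the new code no longer does, so `ss` can stay below `s` after this block; the statements after the closing brace are outside the hunk, and any later use of `ss` there (for example to advance `s`) should be checked against that case. The size of the buffer behind `t` is not visible here either, so the bound on `ss-s` relative to the remaining space is presumably established where that buffer is allocated and is worth confirming.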