git://git.exim.org
/
exim.git
/ commitdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
| commitdiff |
tree
raw
|
patch
| inline |
side by side
(parent:
6f5d7e5
)
SECURITY: a second negative store guard
author
Phil Pennock
<phil+git@pennock-tech.com>
Fri, 30 Oct 2020 01:30:04 +0000
(21:30 -0400)
committer
Heiko Schlittermann (HS12-RIPE)
<hs@schlittermann.de>
Tue, 27 Apr 2021 22:40:22 +0000
(
00:40
+0200)
(cherry picked from commit
706864e934c70941ce7a327f97b7649a1e5f5556
)
src/src/store.c
patch
|
blob
|
history
diff --git
a/src/src/store.c
b/src/src/store.c
index 90da012fb1f7f62066db693e750d0106dd6c231f..1e6259c1882f1d7bc33ce39d56e3177216f2e2e7 100644
(file)
--- a/
src/src/store.c
+++ b/
src/src/store.c
@@
-390,6
+390,13
@@
int pool = tainted ? store_pool + POOL_TAINT_BASE : store_pool;
int inc = newsize - oldsize;
int rounded_oldsize = oldsize;
+if (newsize < 0)
+ {
+ log_write(0, LOG_MAIN|LOG_PANIC_DIE,
+ "bad memory extension requested (%d -> %d bytes) at %s %d",
+ oldsize, newsize, func, linenumber);
+ }
+
/* Check that the block being extended was already of the required taint status;
refuse to extend if not. */