SECURITY: fix Qualys CVE-2020-PFPZA

author Phil Pennock <phil+git@pennock-tech.com>

Fri, 30 Oct 2020 00:42:40 +0000 (20:42 -0400)

committer Heiko Schlittermann (HS12-RIPE) <hs@schlittermann.de>

Thu, 27 May 2021 19:30:26 +0000 (21:30 +0200)
author Phil Pennock <phil+git@pennock-tech.com>
Fri, 30 Oct 2020 00:42:40 +0000 (20:42 -0400)
committer Heiko Schlittermann (HS12-RIPE) <hs@schlittermann.de>
Thu, 27 May 2021 19:30:26 +0000 (21:30 +0200)
diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog

index 07fba9c23f8130343f48f8ea0e31e03b1b5cb031..95b95e7940f0f78fbc3326fe60ee94cd65082bf5 100644 (file)
--- a/doc/doc-txt/ChangeLog
+++ b/doc/doc-txt/ChangeLog
@@ -273,6 +273,9 @@ PP/05 Fix security issue CVE-2020-PFPSN and guard against cmdline invoker
        providing a particularly obnoxious sender full name.
        Reported by Qualys.
  
        providing a particularly obnoxious sender full name.
        Reported by Qualys.
  
+pp/06 Fix CVE-2020-28016 (PFPZA): Heap out-of-bounds write in parse_fix_phrase()
+
+
  
  Exim version 4.94
  -----------------
  
  Exim version 4.94
  -----------------
diff --git a/src/src/parse.c b/src/src/parse.c

index 7dfb9a7eb5f0e69774bcad94c7b4df4913251da0..8d689e88adc349b59cafd110813d64779fc562fa 100644 (file)
--- a/src/src/parse.c
+++ b/src/src/parse.c
@@ -984,6 +984,11 @@ if (i < len)
  
  /* No non-printers; use the RFC 822 quoting rules */
  
  
  /* No non-printers; use the RFC 822 quoting rules */
  
+if (!len)
+  {
+  return string_copy_taint_function("", is_tainted(phrase));
+  }
+
  buffer = store_get(len*4, is_tainted(phrase));
  
  s = phrase;
  buffer = store_get(len*4, is_tainted(phrase));
  
  s = phrase;
author	Phil Pennock <phil+git@pennock-tech.com>
	Fri, 30 Oct 2020 00:42:40 +0000 (20:42 -0400)
committer	Heiko Schlittermann (HS12-RIPE) <hs@schlittermann.de>
	Thu, 27 May 2021 19:30:26 +0000 (21:30 +0200)
doc/doc-txt/ChangeLog		patch \| blob \| history
src/src/parse.c		patch \| blob \| history