PP/04 Fix Linux security issue CVE-2020-SLCWD and guard against PATH_MAX
better. Reported by Qualys.
+PP/05 Fix security issue CVE-2020-PFPSN and guard against cmdline invoker
+ providing a particularly obnoxious sender full name.
+ Reported by Qualys.
+
Exim version 4.94
-----------------
{
if (ss >= end) ss--;
*t++ = '(';
- Ustrncpy(t, s, ss-s);
- t += ss-s;
- s = ss;
+ if (ss < s)
+ {
+ /* Someone has ended the string with "<punct>(". */
+ ss = s;
+ }
+ else
+ {
+ Ustrncpy(t, s, ss-s);
+ t += ss-s;
+ s = ss;
+ }
}
}