From: Qualys Security Advisory Date: Mon, 22 Feb 2021 02:54:16 +0000 (-0800) Subject: CVE-2020-28025: Heap out-of-bounds read in pdkim_finish_bodyhash() X-Git-Tag: exim-4.94.1~23 X-Git-Url: https://git.exim.org/exim.git/commitdiff_plain/1c261b90f627f0489f7dfcf1e66b46cce67f477d?ds=inline CVE-2020-28025: Heap out-of-bounds read in pdkim_finish_bodyhash() (cherry picked from commit cad30cd3fb96196e908e0d66b1b45fdf377c850c) --- diff --git a/src/src/pdkim/pdkim.c b/src/src/pdkim/pdkim.c index 4c73d4fac..4320ecd49 100644 --- a/src/src/pdkim/pdkim.c +++ b/src/src/pdkim/pdkim.c @@ -825,7 +825,7 @@ for (pdkim_signature * sig = ctx->sig; sig; sig = sig->next) /* VERIFICATION --------------------------------------------------------- */ /* Be careful that the header sig included a bodyash */ - if ( sig->bodyhash.data + if (sig->bodyhash.data && sig->bodyhash.len == b->bh.len && memcmp(b->bh.data, sig->bodyhash.data, b->bh.len) == 0) { DEBUG(D_acl) debug_printf("DKIM [%s] Body hash compared OK\n", sig->domain);
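Review bot: the added `sig->bodyhash.len == b->bh.len` test is the right fix and must stay where it is in the `&&` chain, ahead of the `memcmp`: the `memcmp(b->bh.data, sig->bodyhash.data, b->bh.len)` reads `b->bh.len` bytes (the digest length of the algorithm Exim computed) out of `sig->bodyhash.data`, whose length is whatever the signature header's bh= value decoded to, so a shorter bh= value used to run the compare past the end of that heap buffer; short-circuit evaluation now prevents the read. Two minor points on the same hunk: the comment above the condition still says "bodyash" (typo for "bodyhash"), and a length mismatch is now indistinguishable, in this one condition, from a digest mismatch; consider a separate `DEBUG(D_acl)` line for the length case (e.g. "bh= length does not match digest length for algorithm") so an operator can tell a malformed signature from a modified body when reading the debug output.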