From: Heiko Schlittermann (HS12-RIPE) Date: Mon, 29 Mar 2021 20:44:47 +0000 (+0200) Subject: CVE-2020-28013: Heap buffer overflow in parse_fix_phrase() X-Git-Tag: exim-4.95-RC0~51^2~19 X-Git-Url: https://git.exim.org/exim.git/commitdiff_plain/5e4fd0533c99c75cb27137ab469e2ce1e3efaf72?hp=a06ffc5a1b1a49e0e8cd6522ce5a005948333458 CVE-2020-28013: Heap buffer overflow in parse_fix_phrase() Based on Phil Pennock's 8a50c88a, done by Qualys (cherry picked from commit 8161c16ec7320ac6164954bade23179a0ed095eb) (cherry picked from commit 71585e8fcb8704a9f431f5a8d019280cccaad069) --- diff --git a/src/src/parse.c b/src/src/parse.c index cfc1f996f..e0470c86f 100644 --- a/src/src/parse.c +++ b/src/src/parse.c @@ -1134,12 +1134,7 @@ while (s < end) { if (ss >= end) ss--; *t++ = '('; - if (ss < s) - { - /* Someone has ended the string with "(". */ - ss = s; - } - else + if (ss > s) { Ustrncpy(t, s, ss-s); t += ss-s;