From: Phil Pennock Date: Thu, 29 Oct 2020 23:00:51 +0000 (-0400) Subject: SECURITY: fix Qualys CVE-2020-PFPSN X-Git-Tag: exim-4.95-RC0~51^2~46 X-Git-Url: https://git.exim.org/exim.git/commitdiff_plain/cb08e2f59f2166660abc998a0554e64c61d4a0f5?ds=inline;hp=5dc522966ae58ac845dc280495af651c9858f152 SECURITY: fix Qualys CVE-2020-PFPSN (cherry picked from commit 93b6044e1636404f3463f3e1113098742e295542) (cherry picked from commit 4e59a5d5c448e1fcdcbead268ffe6561adf0224d) --- diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog index ba9cc1c12..07fba9c23 100644 --- a/doc/doc-txt/ChangeLog +++ b/doc/doc-txt/ChangeLog @@ -269,6 +269,10 @@ PP/03 Impose security length checks on various command-line options. PP/04 Fix Linux security issue CVE-2020-SLCWD and guard against PATH_MAX better. Reported by Qualys. +PP/05 Fix security issue CVE-2020-PFPSN and guard against cmdline invoker + providing a particularly obnoxious sender full name. + Reported by Qualys. + Exim version 4.94 ----------------- diff --git a/src/src/parse.c b/src/src/parse.c index 18a6df198..7dfb9a7eb 100644 --- a/src/src/parse.c +++ b/src/src/parse.c @@ -1129,9 +1129,17 @@ while (s < end) { if (ss >= end) ss--; *t++ = '('; - Ustrncpy(t, s, ss-s); - t += ss-s; - s = ss; + if (ss < s) + { + /* Someone has ended the string with "(". */ + ss = s; + } + else + { + Ustrncpy(t, s, ss-s); + t += ss-s; + s = ss; + } } }