From: Qualys Security Advisory Date: Mon, 22 Feb 2021 05:49:30 +0000 (-0800) Subject: CVE-2020-28024: Heap buffer underflow in smtp_ungetc() X-Git-Tag: exim-4.95-RC0~51^2~12 X-Git-Url: https://git.exim.org/exim.git/commitdiff_plain/cf8734c3fd0823053ae3605beb8681d0957cf4a6 CVE-2020-28024: Heap buffer underflow in smtp_ungetc() (cherry picked from commit 998e5a9db121c3eff15cac16859bdffd7adcbe57) (cherry picked from commit 638f7ca75694bcbb70cfbe7db2ef52af4aca5c83) --- diff --git a/src/src/smtp_in.c b/src/src/smtp_in.c index 9efe7baa9..647c231c7 100644 --- a/src/src/smtp_in.c +++ b/src/src/smtp_in.c @@ -831,6 +831,9 @@ Returns: the character int smtp_ungetc(int ch) { +if (smtp_inptr <= smtp_inbuffer) + log_write(0, LOG_MAIN|LOG_PANIC_DIE, "buffer underflow in smtp_ungetc"); + *--smtp_inptr = ch; return ch; } diff --git a/src/src/tls.c b/src/src/tls.c index ddee95de2..e073eadbe 100644 --- a/src/src/tls.c +++ b/src/src/tls.c @@ -457,6 +457,9 @@ Returns: the character int tls_ungetc(int ch) { +if (ssl_xfer_buffer_lwm <= 0) + log_write(0, LOG_MAIN|LOG_PANIC_DIE, "buffer underflow in tls_ungetc"); + ssl_xfer_buffer[--ssl_xfer_buffer_lwm] = ch; return ch; }