Credits for discovering this bug: Meh Chang <meh@devco.re>
options, and new features, see the NewStuff file next to this ChangeLog.
options, and new features, see the NewStuff file next to this ChangeLog.
-Since Exim version 4.90
------------------
+Exim version 4.90.1
+-------------------
JH/03 Fix pgsql lookup for multiple result-tuples with a single column.
Previously only the last row was returned.
JH/03 Fix pgsql lookup for multiple result-tuples with a single column.
Previously only the last row was returned.
was marked defer_ok. Fix to keep the two timeout-detection methods
separate.
was marked defer_ok. Fix to keep the two timeout-detection methods
separate.
+HS/01 Fix Buffer overflow in base64d() (CVE-2018-6789)
+
JH/16 Fix bug in DKIM verify: a buffer overflow could corrupt the malloc
metadata, resulting in a crash in free().
JH/16 Fix bug in DKIM verify: a buffer overflow could corrupt the malloc
metadata, resulting in a crash in free().
int
b64decode(const uschar *code, uschar **ptr)
{
int
b64decode(const uschar *code, uschar **ptr)
{
-uschar *result = store_get(3*(Ustrlen(code)/4) + 1);
+{
+ int l = Ustrlen(code);
+ *ptr = result = store_get(1 + l/4 * 3 + l%4);
+}
/* Each cycle of the loop handles a quantum of 4 input bytes. For the last
quantum this may decode to 1, 2, or 3 output bytes. */
/* Each cycle of the loop handles a quantum of 4 input bytes. For the last
quantum this may decode to 1, 2, or 3 output bytes. */
git://git.exim.org / users / heiko / exim.git / commitdiff