author Heiko Schlittermann (HS12-RIPE) <hs@schlittermann.de> 2020-11-21 22:03:03 +0100
committer Heiko Schlittermann (HS12-RIPE) <hs@schlittermann.de> 2021-05-27 21:30:34 +0200
commit fa5f51b5b5157e55104bd10d66ccaa066090eec3
tree cac0a26db2a17d290260c1fa0eb572dff2000b9a /.github
parent 5acbba8e07243f6c221171398d90a6c824724f45
SECURITY: off-by-one in smtp transport (read response)
Credits: Qualys

    1/ In src/transports/smtp.c:

    2281   int n = sizeof(sx->buffer);
    2282   uschar * rsp = sx->buffer;
    2283
    2284   if (sx->esmtp_sent && (n = Ustrlen(sx->buffer)) < sizeof(sx->buffer)/2)
    2285     { rsp = sx->buffer + n + 1; n = sizeof(sx->buffer) - n; }

    This should probably be either:

    rsp = sx->buffer + n + 1; n = sizeof(sx->buffer) - n - 1;

    or:

    rsp = sx->buffer + n; n = sizeof(sx->buffer) - n;

    (not sure which) to avoid an off-by-one.

(cherry picked from commit d2c44ef5dd94f1f43ba1d1a02bc4594f4fba5e38)
(cherry picked from commit 4045cb01a590ec480f45f80967cd9c59fe23a5d0)
Diffstat (limited to '.github')
0 files changed, 0 insertions, 0 deletions
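
The off-by-one described in the commit message above, worked through as an added example (not code from Exim or from the Qualys report): it models the quoted lines as an offset/length window and checks, for every string length that fits in the buffer, whether `rsp + n` stays inside it. `BUF_SIZE`, the enum names and the helper functions are assumptions made for illustration; the page does not give the real size of `sx->buffer`.

```c
#include <stddef.h>
#include <stdio.h>

#define BUF_SIZE 4096  /* assumed; the page does not state sizeof(sx->buffer) */

enum variant { AS_QUOTED, FIX_SHORTER_LEN, FIX_EARLIER_START };
struct window { size_t off, len; };  /* rsp - sx->buffer, and n */

/* Mirror the quoted lines for a buffer already holding a string of `used` bytes. */
static struct window response_window(enum variant v, int esmtp_sent, size_t used)
{
    struct window w = { 0, BUF_SIZE };
    if (!esmtp_sent) return w;
    w.len = used;  /* n = Ustrlen(...) is assigned even if the comparison fails */
    if (used < BUF_SIZE / 2) {
        w.off = (v == FIX_EARLIER_START) ? used : used + 1;
        w.len = (v == FIX_SHORTER_LEN) ? BUF_SIZE - used - 1 : BUF_SIZE - used;
    }
    return w;
}

/* Bytes by which off + len runs past the end of the buffer. */
static size_t overrun(struct window w)
{
    size_t end = w.off + w.len;
    return end > BUF_SIZE ? end - BUF_SIZE : 0;
}

/* Largest overrun over every string length that fits in the buffer. */
static size_t worst_overrun(enum variant v)
{
    size_t worst = 0;
    for (size_t used = 0; used < BUF_SIZE; used++) {
        size_t o = overrun(response_window(v, 1, used));
        if (o > worst) worst = o;
    }
    return worst;
}

int main(void)
{
    static const char *name[] = { "as quoted", "n - 1 fix", "rsp + n fix" };
    for (int v = AS_QUOTED; v <= FIX_EARLIER_START; v++)
        printf("%-12s worst overrun: %zu byte(s)\n", name[v],
               worst_overrun((enum variant)v));
    return 0;
}
```

Both candidate fixes end the window exactly at the end of the buffer; they differ in that the `rsp = sx->buffer + n` form starts the window on the existing string's NUL terminator, while the `n - 1` form starts one byte after it.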