diff options
author | Qualys Security Advisory <qsa@qualys.com> | 2021-02-21 19:22:33 -0800 |
---|---|---|
committer | Heiko Schlittermann (HS12-RIPE) <hs@schlittermann.de> | 2021-05-27 21:30:46 +0200 |
commit | a06ffc5a1b1a49e0e8cd6522ce5a005948333458 (patch) | |
tree | ff420aa15121eb7fb6d8c8b036e93eeb42ca98cf | |
parent | 748ff65b0d648e9d4d1077190a07679dd54ab231 (diff) |
CVE-2020-28011: Heap buffer overflow in queue_run()
(cherry picked from commit 6e1fb878e95f8e6f838ffde5258c7a969c981865)
(cherry picked from commit 08102cbe8102f99b31655aa0e926c45b427efe6d)
-rw-r--r-- | src/src/queue.c | 14 |
1 files changed, 10 insertions, 4 deletions
diff --git a/src/src/queue.c b/src/src/queue.c index 4c93c1d7f..567784575 100644 --- a/src/src/queue.c +++ b/src/src/queue.c @@ -396,12 +396,18 @@ if (!recurse) p += sprintf(CS p, " -q%s", extras); if (deliver_selectstring) - p += sprintf(CS p, " -R%s %s", f.deliver_selectstring_regex? "r" : "", - deliver_selectstring); + { + snprintf(CS p, big_buffer_size - (p - big_buffer), " -R%s %s", + f.deliver_selectstring_regex? "r" : "", deliver_selectstring); + p += Ustrlen(CCS p); + } if (deliver_selectstring_sender) - p += sprintf(CS p, " -S%s %s", f.deliver_selectstring_sender_regex? "r" : "", - deliver_selectstring_sender); + { + snprintf(CS p, big_buffer_size - (p - big_buffer), " -S%s %s", + f.deliver_selectstring_sender_regex? "r" : "", deliver_selectstring_sender); + p += Ustrlen(CCS p); + } log_detail = string_copy(big_buffer); if (*queue_name) |