diff options
author | Qualys Security Advisory <qsa@qualys.com> | 2021-02-21 21:49:30 -0800 |
---|---|---|
committer | Heiko Schlittermann (HS12-RIPE) <hs@schlittermann.de> | 2021-05-27 21:30:53 +0200 |
commit | cf8734c3fd0823053ae3605beb8681d0957cf4a6 (patch) | |
tree | f2b93fa402751c7728a862067bbf92df7a26062d /src | |
parent | afd37f7448663232f90217006956b1f37b6005bc (diff) |
CVE-2020-28024: Heap buffer underflow in smtp_ungetc()
(cherry picked from commit 998e5a9db121c3eff15cac16859bdffd7adcbe57)
(cherry picked from commit 638f7ca75694bcbb70cfbe7db2ef52af4aca5c83)
Diffstat (limited to 'src')
-rw-r--r-- | src/src/smtp_in.c | 3 | ||||
-rw-r--r-- | src/src/tls.c | 3 |
2 files changed, 6 insertions, 0 deletions
diff --git a/src/src/smtp_in.c b/src/src/smtp_in.c index 9efe7baa9..647c231c7 100644 --- a/src/src/smtp_in.c +++ b/src/src/smtp_in.c @@ -831,6 +831,9 @@ Returns: the character int smtp_ungetc(int ch) { +if (smtp_inptr <= smtp_inbuffer) + log_write(0, LOG_MAIN|LOG_PANIC_DIE, "buffer underflow in smtp_ungetc"); + *--smtp_inptr = ch; return ch; } diff --git a/src/src/tls.c b/src/src/tls.c index ddee95de2..e073eadbe 100644 --- a/src/src/tls.c +++ b/src/src/tls.c @@ -457,6 +457,9 @@ Returns: the character int tls_ungetc(int ch) { +if (ssl_xfer_buffer_lwm <= 0) + log_write(0, LOG_MAIN|LOG_PANIC_DIE, "buffer underflow in tls_ungetc"); + ssl_xfer_buffer[--ssl_xfer_buffer_lwm] = ch; return ch; } |