47 lines
1.3 KiB
Diff
47 lines
1.3 KiB
Diff
From 7f4fbcb3a52aa5b0b83aef57bddb33fdd9d5b82e Mon Sep 17 00:00:00 2001
|
|
From: Georg Sauthoff <mail@georg.so>
|
|
Date: Fri, 8 Feb 2019 10:50:40 +0100
|
|
Subject: [PATCH 04/11] Fix msg-id out-of-bounds read (#118)
|
|
|
|
cf. https://sourceforge.net/p/bogofilter/bugs/118/
|
|
---
|
|
src/token.c | 8 +++++---
|
|
1 file changed, 5 insertions(+), 3 deletions(-)
|
|
|
|
diff --git a/src/token.c b/src/token.c
|
|
index 3ac43c1..686ddd0 100644
|
|
--- a/src/token.c
|
|
+++ b/src/token.c
|
|
@@ -33,6 +33,7 @@ AUTHOR:
|
|
|
|
word_t *msg_addr; /* First IP Address in Received: statement */
|
|
word_t *msg_id; /* Message ID */
|
|
+static size_t max_msg_id_len;
|
|
word_t *queue_id; /* Message's first queue ID */
|
|
|
|
static token_t save_class = NONE;
|
|
@@ -573,7 +574,8 @@ void token_init(void)
|
|
msg_addr = word_new( NULL, max_token_len );
|
|
|
|
/* Message ID */
|
|
- msg_id = word_new( NULL, max_token_len * 3 );
|
|
+ max_msg_id_len = max_token_len * 3;
|
|
+ msg_id = word_new( NULL, max_msg_id_len );
|
|
|
|
/* Message's first queue ID */
|
|
queue_id = word_new( NULL, max_token_len );
|
|
@@ -667,8 +669,8 @@ void set_tag(const char *text)
|
|
|
|
void set_msg_id(byte *text, uint leng)
|
|
{
|
|
- (void) leng; /* suppress compiler warning */
|
|
- token_set( msg_id, text, msg_id->leng );
|
|
+ uint n = min(leng, max_msg_id_len);
|
|
+ token_set( msg_id, text, n );
|
|
}
|
|
|
|
#define WFREE(n) word_free(n); n = NULL
|
|
--
|
|
2.20.1
|
|
|