Rev | Author | Line No. | Line |
---|---|---|---|
103 | magnus | 1 | Origin: https://github.com/shevek/libspf2/pull/44/commits/c93823faef044150e1b232928d225ff5ff297e6c |
2 | Author: Simon Arlott |
||
3 | Description: Fix potential integer overflow when checking available space for SPF macro string literal |
||
4 | May resolve #1053870. |
||
5 | |||
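--- a/src/libspf2/spf_compile.c
+++ b/src/libspf2/spf_compile.c
@@ -455,7 +455,11 @@ SPF_c_parse_var(SPF_response_t *spf_response, SPF_data_var_t *data,
  /* Magic numbers for x/Nc in gdb. */ \
  data->ds.__unused0 = 0xba; data->ds.__unused1 = 0xbe; \
  dst = SPF_data_str( data ); \
- ds_avail = _avail - sizeof(SPF_data_t); \
+ if ((_avail) < sizeof(SPF_data_t)) \
+ return SPF_response_add_error_ptr(spf_response, \
+ SPF_E_BIG_STRING, NULL, src, \
+ "Out of memory for string literal");\
+ ds_avail = (_avail) - sizeof(SPF_data_t); \
  ds_len = 0; \
  } while(0)
 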
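Review bot: The new size check runs only after the context lines above it have already stored to `data->ds.__unused0` and `data->ds.__unused1`, so when `_avail` is smaller than `sizeof(SPF_data_t)` the header bytes are written before the error is returned. Whether the buffer behind `data` has room for that header is decided outside this hunk, so this is a possible out-of-bounds write rather than a confirmed one. Making `if ((_avail) < sizeof(SPF_data_t)) return SPF_response_add_error_ptr(...);` the first statement of the `do { ... } while(0)` body would keep every store behind the check. The macro starts outside the hunk and now returns from the enclosing function using `spf_response` and `src` from the expansion site. A comment on the macro would make that explicit, for example `/* NB: returns from the calling function on error; requires spf_response and src in scope. */`.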