(root)/trunk/debian/patches/spf_compile.c-more-correct-size-of-ds_avail.patch @ 107 - Rev 103
?revision_form?Rev ?revision_input??revision_submit??revision_endform?
Blame |
Last modification |
View Log
| RSS feed
Origin: https://github.com/shevek/libspf2/pull/44/commits/c93823faef044150e1b232928d225ff5ff297e6c
Author: Simon Arlott
Description: Fix potential integer overflow when available checking space for SPF macro string literal
May resolve #1053870.
diff --git a/src/libspf2/spf_compile.c b/src/libspf2/spf_compile.c
index b08ffe2..d401028 100644
--- a/src/libspf2/spf_compile.c
+++ b/src/libspf2/spf_compile.c
@@ -455,7 +455,11 @@ SPF_c_parse_var(SPF_response_t *spf_response, SPF_data_var_t *data,
/* Magic numbers for x/Nc in gdb. */ \
data->ds.__unused0 = 0xba; data->ds.__unused1 = 0xbe; \
dst = SPF_data_str( data ); \
- ds_avail = _avail - sizeof(SPF_data_t); \
+ if ((_avail) < sizeof(SPF_data_t)) \
+ return SPF_response_add_error_ptr(spf_response, \
+ SPF_E_BIG_STRING, NULL, src, \
+ "Out of memory for string literal");\
+ ds_avail = (_avail) - sizeof(SPF_data_t); \
ds_len = 0; \
} while(0)