Subversion Repositories libspf2

Compare Revisions

Ignore whitespace Rev 102 → Rev 103

/trunk/debian/changelog
1,3 → 1,11
libspf2 (1.2.10-8) unstable; urgency=medium
 
* spf_compile.c-more-correct-size-of-ds_avail.patch: Fix potential
integer overflow when checking available space for SPF macro string
literal. May resolve #1053870.
 
-- Magnus Holmgren <holmgren@debian.org> Sun, 22 Oct 2023 18:33:14 +0200
 
libspf2 (1.2.10-7.2) unstable; urgency=medium
 
* Non-maintainer upload.
/trunk/debian/patches/spf_compile.c-more-correct-size-of-ds_avail.patch
0,0 → 1,22
Origin: https://github.com/shevek/libspf2/pull/44/commits/c93823faef044150e1b232928d225ff5ff297e6c
Author: Simon Arlott
Description: Fix potential integer overflow when available checking space for SPF macro string literal
May resolve #1053870.
 
diff --git a/src/libspf2/spf_compile.c b/src/libspf2/spf_compile.c
index b08ffe2..d401028 100644
--- a/src/libspf2/spf_compile.c
+++ b/src/libspf2/spf_compile.c
@@ -455,7 +455,11 @@ SPF_c_parse_var(SPF_response_t *spf_response, SPF_data_var_t *data,
/* Magic numbers for x/Nc in gdb. */ \
data->ds.__unused0 = 0xba; data->ds.__unused1 = 0xbe; \
dst = SPF_data_str( data ); \
- ds_avail = _avail - sizeof(SPF_data_t); \
+ if ((_avail) < sizeof(SPF_data_t)) \
+ return SPF_response_add_error_ptr(spf_response, \
+ SPF_E_BIG_STRING, NULL, src, \
+ "Out of memory for string literal");\
+ ds_avail = (_avail) - sizeof(SPF_data_t); \
ds_len = 0; \
} while(0)