0,0 → 1,22 |
Origin: https://github.com/shevek/libspf2/pull/44/commits/c93823faef044150e1b232928d225ff5ff297e6c |
Author: Simon Arlott |
Description: Fix potential integer overflow when available checking space for SPF macro string literal |
May resolve #1053870. |
|
diff --git a/src/libspf2/spf_compile.c b/src/libspf2/spf_compile.c |
index b08ffe2..d401028 100644 |
--- a/src/libspf2/spf_compile.c |
+++ b/src/libspf2/spf_compile.c |
@@ -455,7 +455,11 @@ SPF_c_parse_var(SPF_response_t *spf_response, SPF_data_var_t *data, |
/* Magic numbers for x/Nc in gdb. */ \ |
data->ds.__unused0 = 0xba; data->ds.__unused1 = 0xbe; \ |
dst = SPF_data_str( data ); \ |
- ds_avail = _avail - sizeof(SPF_data_t); \ |
+ if ((_avail) < sizeof(SPF_data_t)) \ |
+ return SPF_response_add_error_ptr(spf_response, \ |
+ SPF_E_BIG_STRING, NULL, src, \ |
+ "Out of memory for string literal");\ |
+ ds_avail = (_avail) - sizeof(SPF_data_t); \ |
ds_len = 0; \ |
} while(0) |
|