summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat (limited to 'mail-filter/opendmarc/files/opendmarc-1.3.3-CVE-2020-12460.patch')
-rw-r--r--mail-filter/opendmarc/files/opendmarc-1.3.3-CVE-2020-12460.patch41
1 files changed, 41 insertions, 0 deletions
diff --git a/mail-filter/opendmarc/files/opendmarc-1.3.3-CVE-2020-12460.patch b/mail-filter/opendmarc/files/opendmarc-1.3.3-CVE-2020-12460.patch
new file mode 100644
index 00000000000..334c11d5302
--- /dev/null
+++ b/mail-filter/opendmarc/files/opendmarc-1.3.3-CVE-2020-12460.patch
@@ -0,0 +1,41 @@
+From 50d28af25d8735504b6103537228ce7f76ad765f Mon Sep 17 00:00:00 2001
+From: "Murray S. Kucherawy" <msk@blackops.org>
+Date: Wed, 5 Aug 2020 21:56:01 +0000
+Subject: [PATCH] In opendmarc_xml_parse(), ensure NULL-termination of the
+ buffer passed to opendmarc_xml().
+
+---
+ libopendmarc/opendmarc_xml.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/libopendmarc/opendmarc_xml.c b/libopendmarc/opendmarc_xml.c
+index 26bb9dc..b3ac55a 100644
+--- a/libopendmarc/opendmarc_xml.c
++++ b/libopendmarc/opendmarc_xml.c
+@@ -158,7 +158,7 @@ opendmarc_xml(char *b, size_t blen, char *e, size_t elen)
+ if (*cp != '<')
+ continue;
+ ++cp;
+- for(sp = cp; *sp != '\0'; ++sp)
++ for (sp = cp; *sp != '\0'; ++sp)
+ {
+ if (*sp == '?')
+ break;
+@@ -546,7 +546,7 @@ opendmarc_xml_parse(char *fname, char *err_buf, size_t err_len)
+ if (fname == NULL)
+ {
+ xerror = errno;
+- (void) snprintf(err_buf, err_len, "%s: %s", fname, "File name was NULL");
++ (void) snprintf(err_buf, err_len, "%s", "File name was NULL");
+ errno = EINVAL;
+ return NULL;
+ }
+@@ -572,7 +572,7 @@ opendmarc_xml_parse(char *fname, char *err_buf, size_t err_len)
+ return NULL;
+ }
+
+- bufp = calloc(statb.st_size, 1);
++ bufp = calloc(statb.st_size + 1, 1);
+ if (bufp == NULL)
+ {
+ xerror = errno;