aboutsummaryrefslogtreecommitdiffstats
path: root/community/exim/CVE-2019-16928.patch
diff options
context:
space:
mode:
Diffstat (limited to 'community/exim/CVE-2019-16928.patch')
-rw-r--r--community/exim/CVE-2019-16928.patch36
1 files changed, 36 insertions, 0 deletions
diff --git a/community/exim/CVE-2019-16928.patch b/community/exim/CVE-2019-16928.patch
new file mode 100644
index 0000000000..b920d761e1
--- /dev/null
+++ b/community/exim/CVE-2019-16928.patch
@@ -0,0 +1,36 @@
+From 478effbfd9c3cc5a627fc671d4bf94d13670d65f Mon Sep 17 00:00:00 2001
+From: Jeremy Harris <jgh146exb@wizmail.org>
+Date: Fri, 27 Sep 2019 12:21:49 +0100
+Subject: [PATCH] Fix buffer overflow in string_vformat. Bug 2449
+
+---
+ src/src/string.c | 4 ++--
+ test/scripts/0000-Basic/0214 | 11 +++++++++++
+ test/stdout/0214 | 7 +++++++
+ 3 files changed, 20 insertions(+), 2 deletions(-)
+
+diff --git a/src/src/string.c b/src/src/string.c
+index c6549bf..3445f8a 100644
+--- a/src/string.c
++++ b/src/string.c
+@@ -1132,7 +1132,7 @@ store_reset(g->s + (g->size = g->ptr + 1));
+ Arguments:
+ g the growable-string
+ p current end of data
+- count amount to grow by
++ count amount to grow by, offset from p
+ */
+
+ static void
+@@ -1590,7 +1590,7 @@ while (*fp)
+ }
+ else if (g->ptr >= lim - width)
+ {
+- gstring_grow(g, g->ptr, width - (lim - g->ptr));
++ gstring_grow(g, g->ptr, width);
+ lim = g->size - 1;
+ gp = CS g->s + g->ptr;
+ }
+--
+1.9.1
+