blob: fabfd6ceacfd6aa746d17ce4ce22deb00fff5cad (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
|
From d14abff4b544cfc53a8b5ef54cbc2353866b5081 Mon Sep 17 00:00:00 2001
From: Simon Arlott <sa.me.uk>
Date: Sat, 30 Sep 2023 12:18:51 +0100
Subject: [PATCH] Fix integer underflow
---
src/libspf2/spf_compile.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/src/libspf2/spf_compile.c b/src/libspf2/spf_compile.c
index b08ffe2..d401028 100644
--- a/src/libspf2/spf_compile.c
+++ b/src/libspf2/spf_compile.c
@@ -455,7 +455,11 @@ SPF_c_parse_var(SPF_response_t *spf_response, SPF_data_var_t *data,
/* Magic numbers for x/Nc in gdb. */ \
data->ds.__unused0 = 0xba; data->ds.__unused1 = 0xbe; \
dst = SPF_data_str( data ); \
- ds_avail = _avail - sizeof(SPF_data_t); \
+ if ((_avail) < sizeof(SPF_data_t)) \
+ return SPF_response_add_error_ptr(spf_response, \
+ SPF_E_BIG_STRING, NULL, src, \
+ "Out of memory for string literal");\
+ ds_avail = (_avail) - sizeof(SPF_data_t); \
ds_len = 0; \
} while(0)
|
