41 lines
1.3 KiB
Diff
From e6e0ceae014f9c8519ed52b9871ca0111b6ec468 Mon Sep 17 00:00:00 2001
From: wangshuo <wangshuo@kylinos.cn>
Date: Mon, 6 May 2024 14:32:49 +0800
Subject: [PATCH] fix CVE-2024-25768

Instead of:
if (list_buf != NULL || size_of_buf > 0)
the code at libopendmarc/opendmarc_policy.c#L1478 should be:
if (list_buf != NULL && size_of_buf > 0)

In the OpenDMARC project, this bug is out of reach,
as opendmarc_policy_fetch_ruf() is always called with both list_buf = NULL and size_of_buf = 0

opendmarc/opendmarc.c#L3289
ruv = opendmarc_policy_fetch_ruf(cc->cctx_dmarc, NULL, 0, TRUE);

opendmarc/opendmarc-check.c#L224
ruf = opendmarc_policy_fetch_ruf(dmarc, NULL, 0, 1);

However, this is a library function and may be used outside of this project in a way that could trigger the bug.
---
libopendmarc/opendmarc_policy.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/libopendmarc/opendmarc_policy.c b/libopendmarc/opendmarc_policy.c
index 32053db..43daedc 100644
--- a/libopendmarc/opendmarc_policy.c
+++ b/libopendmarc/opendmarc_policy.c
@@ -1475,7 +1475,7 @@ opendmarc_policy_fetch_ruf(DMARC_POLICY_T *pctx, u_char *list_buf, size_t size_o
{
return NULL;
}
- if (list_buf != NULL || size_of_buf > 0)
+ if (list_buf != NULL && size_of_buf > 0)
{
(void) memset(list_buf, '\0', size_of_buf);
sp = list_buf;
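Review bot: With the corrected condition "list_buf != NULL && size_of_buf > 0", a caller that passes a mismatched pair (NULL with a non-zero size, or a non-NULL buffer with size 0) now silently skips the memset and the "sp = list_buf" setup, so it gets no sign that its arguments were inconsistent. Please document in the function's comment that the buffer is only filled when both arguments are valid, or consider rejecting the mismatched case explicitly. The commit message would also be clearer if it stated the failure the old "||" allowed, namely memset(list_buf, '\0', size_of_buf) being reached with list_buf == NULL when size_of_buf > 0. Since both in-tree callers shown in the message pass NULL and 0, a small test that calls opendmarc_policy_fetch_ruf() with NULL and a non-zero size would keep this path covered.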
--
2.27.0