From 0f0e11b3d64ad562016d5c21dadbce74cc70c5f9 Mon Sep 17 00:00:00 2001
From: manuel
Date: Tue, 19 May 2020 23:59:38 +0200
Subject: Make sure to limit max alloc size see https://www.qualys.com/2020/05/19/cve-2005-1513/remote-code-execution-qmail.txt
---
 alloc.c | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/alloc.c b/alloc.c
index 48a109b..11fe431 100644
--- a/alloc.c
+++ b/alloc.c
@@ -1,3 +1,4 @@
+#include
 #include "alloc.h"
 #include "error.h"
 #include
@@ -14,6 +15,10 @@ static unsigned int avail = SPACE; /* multiple of ALIGNMENT; 0<=avail<=SPACE */
 unsigned int n;
 {
 char *x;
+ if (n >= (INT_MAX >> 3)) {
+ errno = error_nomem;
+ return 0;
+ }
 n = ALIGNMENT + n - (n & (ALIGNMENT - 1)); /* XXX: could overflow */
 if (n <= avail) { avail -= n; return space + avail; }
 x = malloc(n);
-- 
cgit v1.2.3
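Review bot: The new guard at the top of alloc() uses an unexplained threshold, `INT_MAX >> 3`, and leaves the `/* XXX: could overflow */` remark on the following line, even though the rounding can no longer wrap once n is below that cap. I would state the intent above the check, e.g. `/* refuse huge requests so the rounding below stays far from wrapping */`, and replace the stale remark with `/* cannot overflow: n < INT_MAX >> 3 */`. The check only sees the final n: a size that already wrapped in a caller arrives as a small value and passes. The cap therefore presumably relies on no live buffer being large enough for caller-side arithmetic to wrap, which is worth saying in the comment and confirming against the callers, none of which are in this patch. The function's signature line and the malloc failure path lie outside the hunk.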