integer-underflow.patch

   1 From c93823faef044150e1b232928d225ff5ff297e6c Mon Sep 17 00:00:00 2001
   2 From: Simon Arlott <sa.me.uk>
   3 Date: Sat, 30 Sep 2023 12:18:51 +0100
   4 Subject: [PATCH] Fix integer underflow
   5
   6 ---
   7  src/libspf2/spf_compile.c | 6 +++++-
   8  1 file changed, 5 insertions(+), 1 deletion(-)
   9
  10 diff --git a/src/libspf2/spf_compile.c b/src/libspf2/spf_compile.c
  11 index b08ffe2..d401028 100644
  12 --- a/src/libspf2/spf_compile.c
  13 +++ b/src/libspf2/spf_compile.c
  14 @@ -455,7 +455,11 @@ SPF_c_parse_var(SPF_response_t *spf_response, SPF_data_var_t *data,
  15                         /* Magic numbers for x/Nc in gdb. */                                    \
  16                         data->ds.__unused0 = 0xba; data->ds.__unused1 = 0xbe;   \
  17                         dst = SPF_data_str( data );                                                             \
  18 -                       ds_avail = _avail - sizeof(SPF_data_t);                                 \
  19 +                       if ((_avail) < sizeof(SPF_data_t))                                              \
  20 +                               return SPF_response_add_error_ptr(spf_response,         \
  21 +                                                                       SPF_E_BIG_STRING, NULL, src,    \
  22 +                                                               "Out of memory for string literal");\
  23 +                       ds_avail = (_avail) - sizeof(SPF_data_t);                               \
  24                         ds_len = 0;                                                                                             \
  25                 } while(0)
  26