Fix a format string bug. The vulnerability can only be exploited by the

"admin user" of exim. Thus the risk of this vulnerability is low.

http://online.securityfocus.com/archive/1/302101/2002-2/2002-12-08/0
http://www.exim.org/pipermail/exim-users/Week-of-Mon-20021202/046978.html
--
From: MAINTAINER with heads up from me
This commit is contained in:
brad 2002-12-07 16:34:57 +00:00
parent 1ec4963aa3
commit 0af266880e
2 changed files with 25 additions and 1 deletions

View File

@ -1,10 +1,11 @@
# $OpenBSD: Makefile,v 1.34 2002/11/21 00:15:10 naddy Exp $
# $OpenBSD: Makefile,v 1.35 2002/12/07 16:34:57 brad Exp $
COMMENT= "flexible mail transfer agent"
VERSION= 3.36
VERSION_DOC= 3.30
DISTNAME= exim-${VERSION}
PKGNAME= ${DISTNAME}p1
CATEGORIES= mail
MASTER_SITES= ftp://ftp.csx.cam.ac.uk/pub/software/email/exim/exim3/ \

View File

@ -0,0 +1,23 @@
$OpenBSD: patch-src_daemon_c,v 1.1 2002/12/07 16:34:57 brad Exp $
--- src/daemon.c.orig Sat Dec 7 07:59:03 2002
+++ src/daemon.c Sat Dec 7 07:59:18 2002
@@ -590,7 +590,7 @@ if (smtp_port < 0)
if (pid_file_path[0] == 0)
sprintf(buff, "%s/exim-daemon.pid", spool_directory);
else
- sprintf(buff, pid_file_path, "");
+ strcpy(buff, pid_file_path);
}
else
{
@@ -598,9 +598,7 @@ else
sprintf(buff, "%s/exim-daemon.%d.pid", spool_directory, smtp_port);
else
{
- char dbuff[12];
- sprintf(dbuff, ".%d", smtp_port);
- sprintf(buff, pid_file_path, dbuff);
+ strcpy(buff, pid_file_path);
}
}