From 0af266880e77b1a38090c927c3239c449f2be809 Mon Sep 17 00:00:00 2001 From: brad Date: Sat, 7 Dec 2002 16:34:57 +0000 Subject: [PATCH] Fix a format string bug. The vulnerability can only be exploited by the "admin user" of exim. Thus the risk of this vulnerability is low. http://online.securityfocus.com/archive/1/302101/2002-2/2002-12-08/0 http://www.exim.org/pipermail/exim-users/Week-of-Mon-20021202/046978.html -- From: MAINTAINER with heads up from me --- mail/exim/Makefile | 3 ++- mail/exim/patches/patch-src_daemon_c | 23 +++++++++++++++++++++++ 2 files changed, 25 insertions(+), 1 deletion(-) create mode 100644 mail/exim/patches/patch-src_daemon_c diff --git a/mail/exim/Makefile b/mail/exim/Makefile index 84d42213c12..621596c615b 100644 --- a/mail/exim/Makefile +++ b/mail/exim/Makefile @@ -1,10 +1,11 @@ -# $OpenBSD: Makefile,v 1.34 2002/11/21 00:15:10 naddy Exp $ +# $OpenBSD: Makefile,v 1.35 2002/12/07 16:34:57 brad Exp $ COMMENT= "flexible mail transfer agent" VERSION= 3.36 VERSION_DOC= 3.30 DISTNAME= exim-${VERSION} +PKGNAME= ${DISTNAME}p1 CATEGORIES= mail MASTER_SITES= ftp://ftp.csx.cam.ac.uk/pub/software/email/exim/exim3/ \ diff --git a/mail/exim/patches/patch-src_daemon_c b/mail/exim/patches/patch-src_daemon_c new file mode 100644 index 00000000000..5b1a460684b --- /dev/null +++ b/mail/exim/patches/patch-src_daemon_c @@ -0,0 +1,23 @@ +$OpenBSD: patch-src_daemon_c,v 1.1 2002/12/07 16:34:57 brad Exp $ +--- src/daemon.c.orig Sat Dec 7 07:59:03 2002 ++++ src/daemon.c Sat Dec 7 07:59:18 2002 +@@ -590,7 +590,7 @@ if (smtp_port < 0) + if (pid_file_path[0] == 0) + sprintf(buff, "%s/exim-daemon.pid", spool_directory); + else +- sprintf(buff, pid_file_path, ""); ++ strcpy(buff, pid_file_path); + } + else + { +@@ -598,9 +598,7 @@ else + sprintf(buff, "%s/exim-daemon.%d.pid", spool_directory, smtp_port); + else + { +- char dbuff[12]; +- sprintf(dbuff, ".%d", smtp_port); +- sprintf(buff, pid_file_path, dbuff); ++ strcpy(buff, pid_file_path); + } + } +