From 8bf6894c96edfeaa412b18e3e3d1ff3820d95273 Mon Sep 17 00:00:00 2001
From: brad <brad@openbsd.org>
Date: Wed, 3 Sep 2003 17:21:05 +0000
Subject: [PATCH] Fix a remote heap overflow in exim, though it's probably not
 exploitable.

http://www.exim.org/pipermail/exim-announce/2003q3/000094.html

ok pvalchev@
---
 mail/exim/Makefile                    |  4 ++--
 mail/exim/patches/patch-src_smtp_in_c | 21 +++++++++++++++++++++
 2 files changed, 23 insertions(+), 2 deletions(-)
 create mode 100644 mail/exim/patches/patch-src_smtp_in_c

diff --git a/mail/exim/Makefile b/mail/exim/Makefile
index 621596c615b..1e55b638754 100644
--- a/mail/exim/Makefile
+++ b/mail/exim/Makefile
@@ -1,11 +1,11 @@
-# $OpenBSD: Makefile,v 1.35 2002/12/07 16:34:57 brad Exp $
+# $OpenBSD: Makefile,v 1.36 2003/09/03 17:21:05 brad Exp $
 
 COMMENT=	"flexible mail transfer agent"
 
 VERSION=	3.36
 VERSION_DOC=	3.30
 DISTNAME=	exim-${VERSION}
-PKGNAME=	${DISTNAME}p1
+PKGNAME=	${DISTNAME}p2
 CATEGORIES=	mail
 
 MASTER_SITES=	ftp://ftp.csx.cam.ac.uk/pub/software/email/exim/exim3/ \
diff --git a/mail/exim/patches/patch-src_smtp_in_c b/mail/exim/patches/patch-src_smtp_in_c
new file mode 100644
index 00000000000..1e90c103ab7
--- /dev/null
+++ b/mail/exim/patches/patch-src_smtp_in_c
@@ -0,0 +1,21 @@
+$OpenBSD: patch-src_smtp_in_c,v 1.1 2003/09/03 17:21:05 brad Exp $
+--- src/smtp_in.c.orig	2003-09-02 19:31:50.000000000 -0400
++++ src/smtp_in.c	2003-09-02 19:33:51.000000000 -0400
+@@ -2021,13 +2021,12 @@ while (done <= 0)
+ 
+     if (!check_helo(smtp_data))
+       {
+-      char *s;
+-      smtp_printf("501 syntactically invalid %s argument(s)\r\n", hello);
+-      if (*smtp_data == 0) strcpy(smtp_data, "(no argument given)");
+-      s = string_printing(smtp_data);
++      smtp_printf("501 Syntactically invalid %s argument(s)\r\n", hello);
+       log_write(0, LOG_MAIN|LOG_REJECT, "rejected %s from %s: syntactically "
+         "invalid argument(s): %s", hello,
+-        (sender_fullhost == NULL)? "local process" : sender_fullhost, s);
++        (sender_fullhost == NULL)? "local process" : sender_fullhost,
++        (*smtp_data == 0)? "(no argument given)" :
++                           string_printing(smtp_data));
+       break;
+       }
+