From e4e7c4c253a88e9d83888d0e39dd651630fae01b Mon Sep 17 00:00:00 2001 From: Clive Lin Date: Sun, 24 Nov 2002 10:46:58 +0000 Subject: Fix a possible denial of service vulnerability. After this patch, the action of piping mails out won't stop, even if all of your mails were failed to deliver. Nullmailer itself will keep throwing mails to smart relay as long as there're incoming mails, no matter how broken the recipients of the previous mails. Still leave this port in FORBIDDEN state until I address PR ports/45152 Obtained from: http://www.debian.org/security/2002/dsa-198 Noted by: Volker Stolz --- mail/nullmailer/files/patch-sendmail.cc | 11 +++++++++++ 1 file changed, 11 insertions(+) create mode 100644 mail/nullmailer/files/patch-sendmail.cc (limited to 'mail/nullmailer/files/patch-sendmail.cc')
diff --git a/mail/nullmailer/files/patch-sendmail.cc b/mail/nullmailer/files/patch-sendmail.cc
new file mode 100644
index 000000000000..2c83bb469c86
--- /dev/null
+++ b/mail/nullmailer/files/patch-sendmail.cc
@@ -0,0 +1,11 @@
+--- src/sendmail.cc
++++ src/sendmail.cc
+@@ -84,7 +84,7 @@
+ str[varlen] = '=';
+ memcpy(str+varlen+1, val, vallen);
+ str[varlen+vallen+1] = 0;
+- return putenv(str);
++ return putenv(strdup(str));
+ }
+ #endif
+ 
-- cgit v1.2.3
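Review bot: The new `return putenv(strdup(str));` passes the result of `strdup()` straight to `putenv()`, so a failed allocation hands it a null pointer instead of reporting an error. Splitting it as `char *copy = strdup(str);`, `if (!copy) return -1;`, `return putenv(copy);` keeps the failure visible to the caller. The function begins outside the hunk, so how `str` is allocated is not visible here; if it is already heap-allocated, the duplicate leaves the original unreferenced, and if it is a stack or reused buffer the copy is what makes the environment entry safe to keep. A short comment such as `/* putenv() keeps the pointer; the copy is intentionally never freed */` would record why.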