From cef6c361e172a33d6a9091d24b87cbc0105580db Mon Sep 17 00:00:00 2001 From: Sheldon Hearn Date: Mon, 13 Jan 2003 16:07:08 +0000 Subject: Fix a format string vulnerability that could be exploited by an Exim admin user to gain root privelege. --- mail/exim-old/Makefile | 1 + mail/exim-old/files/patch-src::daemon.c | 37 +++++++++++++++++++++++++++++++++ 2 files changed, 38 insertions(+) create mode 100644 mail/exim-old/files/patch-src::daemon.c diff --git a/mail/exim-old/Makefile b/mail/exim-old/Makefile index 35c0f0196a91..1fbd7dc80b4c 100644 --- a/mail/exim-old/Makefile +++ b/mail/exim-old/Makefile @@ -7,6 +7,7 @@ PORTNAME= exim PORTVERSION= 3.36 +PORTREVISION= 1 CATEGORIES= mail MASTER_SITES= ftp://ftp.csx.cam.ac.uk/pub/software/email/exim/exim3/ \ http://www.exim.org/ftp/exim3/ \ diff --git a/mail/exim-old/files/patch-src::daemon.c b/mail/exim-old/files/patch-src::daemon.c new file mode 100644 index 000000000000..ab68b92dfabf --- /dev/null +++ b/mail/exim-old/files/patch-src::daemon.c @@ -0,0 +1,37 @@ +*** src/daemon.c Thu Apr 4 13:56:16 2002 +--- src/daemon.c Wed Dec 4 11:01:39 2002 +*************** +*** 590,596 **** + if (pid_file_path[0] == 0) + sprintf(buff, "%s/exim-daemon.pid", spool_directory); + else +! sprintf(buff, pid_file_path, ""); + } + else + { +--- 590,596 ---- + if (pid_file_path[0] == 0) + sprintf(buff, "%s/exim-daemon.pid", spool_directory); + else +! strcpy(buff, pid_file_path); + } + else + { +*************** +*** 598,606 **** + sprintf(buff, "%s/exim-daemon.%d.pid", spool_directory, smtp_port); + else + { +! char dbuff[12]; +! sprintf(dbuff, ".%d", smtp_port); +! sprintf(buff, pid_file_path, dbuff); + } + } + +--- 598,604 ---- + sprintf(buff, "%s/exim-daemon.%d.pid", spool_directory, smtp_port); + else + { +! strcpy(buff, pid_file_path); + } + } -- cgit v1.2.3