Fix a format string vulnerability that could be exploited by an Exim

admin user to gain root privelege.

2 files changed, 38 insertions, 0 deletions

diff --git a/mail/exim-old/Makefile b/mail/exim-old/Makefile
index 35c0f0196a91..1fbd7dc80b4c 100644
--- a/mail/exim-old/Makefile
+++ b/mail/exim-old/Makefile
@@ -7,6 +7,7 @@
 
 PORTNAME=	exim
 PORTVERSION=	3.36
+PORTREVISION=	1
 CATEGORIES=	mail
 MASTER_SITES=	ftp://ftp.csx.cam.ac.uk/pub/software/email/exim/exim3/ \
 		http://www.exim.org/ftp/exim3/ \
diff --git a/mail/exim-old/files/patch-src::daemon.c b/mail/exim-old/files/patch-src::daemon.c
new file mode 100644
index 000000000000..ab68b92dfabf
--- /dev/null
+++ b/mail/exim-old/files/patch-src::daemon.c
@@ -0,0 +1,37 @@
+*** src/daemon.c  Thu Apr  4 13:56:16 2002
+--- src/daemon.c	 Wed Dec  4 11:01:39 2002
+***************
+*** 590,596 ****
+    if (pid_file_path[0] == 0)
+      sprintf(buff, "%s/exim-daemon.pid", spool_directory);
+    else
+!     sprintf(buff, pid_file_path, "");
+    }
+  else
+    {
+--- 590,596 ----
+    if (pid_file_path[0] == 0)
+      sprintf(buff, "%s/exim-daemon.pid", spool_directory);
+    else
+!     strcpy(buff, pid_file_path);
+    }
+  else
+    {
+***************
+*** 598,606 ****
+      sprintf(buff, "%s/exim-daemon.%d.pid", spool_directory, smtp_port);
+    else
+      {
+!     char dbuff[12];
+!     sprintf(dbuff, ".%d", smtp_port);
+!     sprintf(buff, pid_file_path, dbuff);
+      }
+    }
+
+--- 598,604 ----
+      sprintf(buff, "%s/exim-daemon.%d.pid", spool_directory, smtp_port);
+    else
+      {
+!     strcpy(buff, pid_file_path);
+      }
+    }