Answering my mail didn't take up all the time till my meeting this
morning, leaving me time to develop a slightly different patch to the
one posted by Jawaid Bazyar. Here are versions for 1.62 and 1.651:
---snip--------------------------------------------------------------------
*** exim-1.62/src/parse.c Wed Apr 16 14:34:49 1997
--- parse.c Tue Jul 22 09:41:50 1997
***************
*** 1037,1042 ****
--- 1037,1048 ----
int extracted;
FILE *f;
+ if (len-9 > 255)
+ {
+ *error = "included file name is too long";
+ return -1;
+ }
+
strncpy(filename, s+9, len-9);
filename[len-9] = 0;
---snip--------------------------------------------------------------------
*** exim-1.651/src/parse.c Fri Jul 4 16:33:56 1997
--- parse.c Tue Jul 22 09:31:54 1997
***************
*** 1056,1061 ****
--- 1056,1067 ----
*error = string_sprintf("file name missing after :include:");
return -1;
}
+
+ if (flen > 255)
+ {
+ *error = string_sprintf("included file name \"%s\" is too long", t);
+ return -1;
+ }
strncpy(filename, t, flen);
filename[flen] = 0;
---snip--------------------------------------------------------------------
--
Philip Hazel University Computing Service,
ph10@??? New Museums Site, Cambridge CB2 3QG,
P.Hazel@??? England. Phone: +44 1223 334714