nm4 2008/12/12 14:36:37 GMT
Modified files:
exim-doc/doc-txt ChangeLog
exim-src/src string.c
Log:
Buffer overrun fix. fixes: bug #787
Revision Changes Path
1.557 +3 -0 exim/exim-doc/doc-txt/ChangeLog
1.14 +7 -0 exim/exim-src/src/string.c
Index: ChangeLog
===================================================================
RCS file: /home/cvs/exim/exim-doc/doc-txt/ChangeLog,v
retrieving revision 1.556
retrieving revision 1.557
diff -u -r1.556 -r1.557
--- ChangeLog 16 Oct 2008 07:57:01 -0000 1.556
+++ ChangeLog 12 Dec 2008 14:36:37 -0000 1.557
@@ -1,4 +1,4 @@
-$Cambridge: exim/exim-doc/doc-txt/ChangeLog,v 1.556 2008/10/16 07:57:01 nm4 Exp $
+$Cambridge: exim/exim-doc/doc-txt/ChangeLog,v 1.557 2008/12/12 14:36:37 nm4 Exp $
Change log file for Exim from version 4.21
-------------------------------------------
@@ -77,6 +77,9 @@
NM/08 Fixed erroneous documentation references to smtp_notquit_acl to be
acl_smtp_notquit
+NM/09 Bugzilla 787: Potential buffer overflow in string_format
+ Patch provided by Eugene Bujak
+
Exim version 4.69
-----------------
Index: string.c
===================================================================
RCS file: /home/cvs/exim/exim-src/src/string.c,v
retrieving revision 1.13
retrieving revision 1.14
diff -u -r1.13 -r1.14
--- string.c 26 Feb 2007 14:07:04 -0000 1.13
+++ string.c 12 Dec 2008 14:36:37 -0000 1.14
@@ -1,4 +1,4 @@
-/* $Cambridge: exim/exim-src/src/string.c,v 1.13 2007/02/26 14:07:04 ph10 Exp $ */
+/* $Cambridge: exim/exim-src/src/string.c,v 1.14 2008/12/12 14:36:37 nm4 Exp $ */
/*************************************************
* Exim - an Internet mail transport agent *
@@ -1267,10 +1267,17 @@
not OK, add part of the string (debugging uses this to show as
much as possible). */
+ if (p == last)
+ {
+ yield = FALSE;
+ goto END_FORMAT;
+ }
if (p >= last - width)
{
yield = FALSE;
width = precision = last - p - 1;
+ if (width < 0) width = 0;
+ if (precision < 0) precision = 0;
}
sprintf(CS p, "%*.*s", width, precision, s);
if (fp[-1] == 'S')
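Review bot: The early exit added before the `p >= last - width` test uses `if (p == last)`, so a `p` that has already moved past `last` still falls through to the `sprintf` call, and even with `width` and `precision` clamped to 0 that call stores a terminating NUL at `p`. Comparing with `if (p >= last)` would cover both cases and leave the two clamps as a pure backstop. A comment above the clamps would also help, for example `/* a negative '*' width means left-justify and a negative precision means none, so sprintf would copy all of s */`, since that is why the unclamped values could overrun the buffer. Whether `p` can ever exceed `last` depends on code outside this hunk, because the enclosing function starts and ends beyond it.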