File CVE-2010-2023.diff of Package exim

From a466095c0f9c7f48b1c9f857b5a17cab69fecd28 Mon Sep 17 00:00:00 2001
From: Nigel Metheringham <nigel@exim.org>
Date: Wed, 26 May 2010 12:26:00 +0000
Subject: [PATCH] Prevent hardlink attack on mbox sticky mail directory. fixes: bug #988

---
 doc/doc-txt/ChangeLog           |    5 ++++-
 src/src/transports/appendfile.c |   14 +++++++++++++-
 2 files changed, 17 insertions(+), 2 deletions(-)

--- src/transports/appendfile.c
+++ src/transports/appendfile.c
@@ -1806,6 +1806,18 @@ if (!isdirectory)
         goto RETURN;
         }
 
+      /* Just in case this is a sticky-bit mail directory, we don't want
+      users to be able to create hard links to other users' files. */
+
+      if (statbuf.st_nlink != 1)
+        {
+        addr->basic_errno = ERRNO_NOTREGULAR;
+        addr->message = string_sprintf("mailbox %s%s has too many links (%d)",
+          filename, islink? " (symlink)" : "", statbuf.st_nlink);
+        goto RETURN;
+
+        }
+
       /* If symlinks are permitted (not recommended), the lstat() above will
       have found the symlink. Its ownership has just been checked; go round
       the loop again, using stat() instead of lstat(). That will never yield a
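Review bot: The `%d` conversion in the added `string_sprintf()` call receives `statbuf.st_nlink`, which has type `nlink_t`. Where that type is wider than `int`, the variadic argument does not match the conversion, so the reported link count may be wrong and the call is formally undefined. A cast at the call site keeps the message format unchanged: `filename, islink? " (symlink)" : "", (int)statbuf.st_nlink);`. The link count is tested on the `statbuf` filled in before the mailbox is opened, so it is worth confirming that the checks made after the open (outside this hunk) would also reject a file that gained an extra link in between. The enclosing `if (!isdirectory)` block starts and ends outside the hunk; the blank line before the closing brace of the new block can be dropped.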
-- 
1.6.3.2
