File CVE-2010-4344.diff of Package exim
Subject: memory corruption in string_format code
Bugzilla: beo#787, bnc#658731
CVE-ID: CVE-2010-4344
Index: exim-4.69/src/string.c
===================================================================
--- exim-4.69.orig/src/string.c
+++ exim-4.69/src/string.c
@@ -1267,10 +1267,17 @@ while (*fp != 0)
not OK, add part of the string (debugging uses this to show as
much as possible). */
+ if (p == last)
+ {
+ yield = FALSE;
+ goto END_FORMAT;
+ }
if (p >= last - width)
{
yield = FALSE;
width = precision = last - p - 1;
+ if (width < 0) width = 0;
+ if (precision < 0) precision = 0;
}
sprintf(CS p, "%*.*s", width, precision, s);
if (fp[-1] == 'S')
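Review bot: The added guard `if (p == last)` catches only exact equality, so a `p` that has already moved past `last` would fall through to the `sprintf` below; `if (p >= last)` covers both cases. With `p == last` excluded, `last - p - 1` can be negative only when `p > last`, so the two added clamps fire only in that state, and there `sprintf(CS p, "%*.*s", 0, 0, s)` still stores a terminating NUL at `p`. Whether `p` can exceed `last` is not visible here, because the enclosing `while (*fp != 0)` loop starts and continues outside the hunk, so this is a hardening suggestion rather than a confirmed overflow. A short comment on the clamps, such as `/* a negative precision passed via '*' is treated by sprintf as no limit at all */`, would record why they exist.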