From d1e9e98adb057fac01d3b4db6c75347e05e88263 Mon Sep 17 00:00:00 2001 From: Andreas Metzler Date: Tue, 3 Sep 2019 20:01:38 +0200 Subject: [PATCH] Import Debian changes 4.89-2+deb9u6 exim4 (4.89-2+deb9u6) stretch-security; urgency=high * 85_01-string.c-do-not-interpret-before-0-CVE-2019-15846.patch Fix SNI related buffer overflow. CVE-2019-15846 --- debian/changelog | 7 ++++ ...ot-interpret-before-0-CVE-2019-15846.patch | 39 +++++++++++++++++++ debian/patches/series | 1 + 3 files changed, 47 insertions(+) create mode 100644 debian/patches/85_01-string.c-do-not-interpret-before-0-CVE-2019-15846.patch diff --git a/debian/changelog b/debian/changelog index 9908f3d..02a8d87 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,10 @@ +exim4 (4.89-2+deb9u6) stretch-security; urgency=high + + * 85_01-string.c-do-not-interpret-before-0-CVE-2019-15846.patch Fix SNI + related buffer overflow. CVE-2019-15846 + + -- Andreas Metzler Tue, 03 Sep 2019 20:01:38 +0200 + exim4 (4.89-2+deb9u5) stretch-security; urgency=high * Fix remote command execution vulnerability related to diff --git a/debian/patches/85_01-string.c-do-not-interpret-before-0-CVE-2019-15846.patch b/debian/patches/85_01-string.c-do-not-interpret-before-0-CVE-2019-15846.patch new file mode 100644 index 0000000..7494dd0 --- /dev/null +++ b/debian/patches/85_01-string.c-do-not-interpret-before-0-CVE-2019-15846.patch 
@@ -0,0 +1,39 @@ +From 2600301ba6dbac5c9d640c87007a07ee6dcea1f4 Mon Sep 17 00:00:00 2001 +From: "Heiko Schlittermann (HS12-RIPE)" +Date: Mon, 19 Aug 2019 14:45:48 +0200 +Subject: [PATCH] string.c: do not interpret '\\' before '\0' (CVE-2019-15846) + + +--- a/doc/ChangeLog ++++ b/doc/ChangeLog +@@ -4,6 +4,11 @@ This document describes *changes* to pre + affect Exim's operation, with an unchanged configuration file. For new + options, and new features, see the NewStuff file next to this ChangeLog. + ++Exim version 4.92.2 ++------------------- ++ ++HS/01 Handle trailing backslash gracefully. (CVE-2019-15846) ++ + + Exim version 4.89 + ----------------- +--- a/src/string.c ++++ b/src/string.c +@@ -220,6 +220,8 @@ interpreted in strings. + Arguments: + pp points a pointer to the initiating "\" in the string; + the pointer gets updated to point to the final character ++ If the backslash is the last character in the string, it ++ is not interpreted. + Returns: the value of the character escape + */ + +@@ -232,6 +234,7 @@ const uschar *hex_digits= CUS"0123456789 + int ch; + const uschar *p = *pp; + ch = *(++p); ++if (ch == '\0') return **pp; + if (isdigit(ch) && ch != '8' && ch != '9') + { + ch -= '0'; diff --git a/debian/patches/series b/debian/patches/series index 499bc46..e4829bd 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -15,3 +15,4 @@ 82_Fix-base64d-buffer-size-CVE-2018-6789.patch 83_qsa-2019-exim4.patch 84_Avoid-re-expansion-in-sort-CVE-2019-13917-OVE-201907.patch +85_01-string.c-do-not-interpret-before-0-CVE-2019-15846.patch -- 2.20.1
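Review bot: In the debian/changelog hunk, the new entry describes only the impact ("Fix SNI related buffer overflow") and not the change itself, while the imported patch's subject is "string.c: do not interpret '\\' before '\0'". Adding a short clause that the fix is to the handling of a trailing backslash in string escape interpretation would let someone reading the changelog alone connect the CVE to the code path that was touched.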
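Review bot: In the doc/ChangeLog hunk of the imported patch, the new entry is filed under a heading "Exim version 4.92.2" placed directly above "Exim version 4.89", although this package is 4.89-2+deb9u6. A one-line remark in the patch header that the ChangeLog text is carried over unchanged from the upstream fix and that this is a backport to 4.89 would prevent the heading from being read as the version of the packaged source.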
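Review bot: In the src/string.c comment hunk (@@ -220,6 +220,8), the added sentence says a trailing backslash "is not interpreted" but does not say what the function then returns or where the pointer is left. The line above it promises that "the pointer gets updated to point to the final character", so the comment should state that in this case the backslash itself is returned and the pointer stays on the backslash, since callers rely on that position when they continue scanning.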
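Review bot: In the src/string.c code hunk (@@ -232,6 +234,7), `if (ch == '\0') return **pp;` returns whatever `*pp` points at and so depends on the documented precondition that it is the initiating backslash; returning the literal `'\\'`, or adding a short comment on that line, would make the intent clear without reading the header comment. The early return correctly comes before any further use of `p`, and leaving `*pp` unmodified means a caller that advances by one afterwards lands on the terminating NUL rather than past it. The visible change includes no regression test for an input that ends in a lone backslash, which would be worth adding alongside the fix.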