+++ /dev/null
-From 2600301ba6dbac5c9d640c87007a07ee6dcea1f4 Mon Sep 17 00:00:00 2001
-From: "Heiko Schlittermann (HS12-RIPE)" <hs@schlittermann.de>
-Date: Mon, 19 Aug 2019 14:45:48 +0200
-Subject: [PATCH] string.c: do not interpret '\\' before '\0' (CVE-2019-15846)
-
-
---- a/doc/ChangeLog
-+++ b/doc/ChangeLog
-@@ -4,6 +4,11 @@ This document describes *changes* to pre
- affect Exim's operation, with an unchanged configuration file. For new
- options, and new features, see the NewStuff file next to this ChangeLog.
-
-+Exim version 4.92.2
-+-------------------
-+
-+HS/01 Handle trailing backslash gracefully. (CVE-2019-15846)
-+
-
- Exim version 4.89
- -----------------
---- a/src/string.c
-+++ b/src/string.c
-@@ -220,6 +220,8 @@ interpreted in strings.
- Arguments:
- pp points a pointer to the initiating "\" in the string;
- the pointer gets updated to point to the final character
-+ If the backslash is the last character in the string, it
-+ is not interpreted.
- Returns: the value of the character escape
- */
-
-@@ -232,6 +234,7 @@ const uschar *hex_digits= CUS"0123456789
- int ch;
- const uschar *p = *pp;
- ch = *(++p);
-+if (ch == '\0') return **pp;
- if (isdigit(ch) && ch != '8' && ch != '9')
- {
- ch -= '0';
HCoop / hcoop / debian / exim4.git / blobdiff