1 files changed, 61 insertions, 0 deletions

diff --git a/debian/patches/CVE-2022-37452.patch b/debian/patches/CVE-2022-37452.patch
new file mode 100644
index 0000000..b604e0f
--- /dev/null
+++ b/debian/patches/CVE-2022-37452.patch
@@ -0,0 +1,61 @@
+From 20812729e3e47a193a21d326ecd036d67a8b2724 Mon Sep 17 00:00:00 2001
+From: "Heiko Schlittermann (HS12-RIPE)" <hs@schlittermann.de>
+Date: Sun, 16 May 2021 19:11:19 +0200
+Subject: [PATCH] Fix host_name_lookup (Close 2747)
+
+Thanks to Nico R for providing a reproducing configuration.
+
+        host_lookup             = *
+        message_size_limit      = ${if def:sender_host_name {32M}{32M}}
+        acl_smtp_connect        = acl_smtp_connect
+        acl_smtp_rcpt           = acl_smtp_rcpt
+
+        begin acl
+          acl_smtp_connect:
+                warn ratelimit = 256 / 1m / per_conn
+                accept
+
+          acl_smtp_rcpt:
+                accept hosts = 127.0.0.*
+
+        begin routers
+        null:
+          driver          = accept
+          transport       = null
+
+        begin transports
+        null:
+          driver          = appendfile
+          file            = /dev/null
+
+Tested with
+
+        swaks -f mailbox@example.org -t mailbox@example.org --pipe 'exim -bh 127.0.0.1 -C /opt/exim/etc/exim-bug.conf'
+
+The IP must have a PTR to "localhost." to reproduce it.
+---
+ src/host.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+Index: exim4-4.92/src/host.c
+===================================================================
+--- exim4-4.92.orig/src/host.c
++++ exim4-4.92/src/host.c
+@@ -1593,7 +1593,7 @@ while (*s != 0) *t++ = tolower(*s++);
+ 
+ if (hosts->h_aliases != NULL)
+   {
+-  int count = 1;
++  int count = 1;  /* need 1 more for terminating NULL */
+   uschar **aliases, **ptr;
+   for (aliases = USS hosts->h_aliases; *aliases != NULL; aliases++) count++;
+   ptr = sender_host_aliases = store_get_perm(count * sizeof(uschar *));
+@@ -1703,7 +1703,7 @@ while ((ordername = string_nextinlist(&l
+       {
+       uschar **aptr = NULL;
+       int ssize = 264;
+-      int count = 0;
++      int count = 1;  /* need 1 more for terminating NULL */
+       int old_pool = store_pool;
+ 
+       sender_host_dnssec = dns_is_secure(&dnsa);