[buildroot-gz.git] / package / mcrypt / 0003-CVE-2012-4527.patch
1 Fix for CVE-2012-4527.
2 Authored by Attila Bogar and Jean-Michel Vourgère <jmv_deb@nirgal.com>
4 Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
6 diff -Nura mcrypt-2.6.8.orig/src/mcrypt.c mcrypt-2.6.8/src/mcrypt.c
7 --- mcrypt-2.6.8.orig/src/mcrypt.c 2013-01-14 19:15:49.465925072 -0300
8 +++ mcrypt-2.6.8/src/mcrypt.c 2013-01-14 19:28:13.711478000 -0300
9 @@ -44,7 +44,9 @@
10 static char rcsid[] =
11 "$Id: mcrypt.c,v 1.2 2007/11/07 17:10:21 nmav Exp $";
13 -char tmperr[128];
14 +/* Temporary error message can contain one file name and 1k of text */
15 +#define ERRWIDTH ((PATH_MAX)+1024)
16 +char tmperr[ERRWIDTH];
17 unsigned int stream_flag = FALSE;
18 char *keymode = NULL;
19 char *mode = NULL;
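Review bot: `ERRWIDTH` is built on `PATH_MAX`, and nothing visible in this patch adds `#include <limits.h>` or a fallback for platforms that leave `PATH_MAX` undefined, so the new `tmperr` declaration may not compile everywhere. The include list of mcrypt.c is outside the hunk, so this needs confirming; a guard such as `#ifndef PATH_MAX` / `#define PATH_MAX 4096` / `#endif` (4096 is an example value) ahead of the define would cover it. The bound is also repeated by name at every call site below; `snprintf(tmperr, sizeof tmperr, ...)` would keep it tied to the array if the declaration changes again.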
20 @@ -482,7 +484,7 @@
21 #ifdef HAVE_STAT
22 if (stream_flag == FALSE) {
23 if (is_normal_file(file[i]) == FALSE) {
24 - sprintf(tmperr,
25 + snprintf(tmperr, ERRWIDTH,
27 ("%s: %s is not a regular file. Skipping...\n"),
28 program_name, file[i]);
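Review bot: The return value of `snprintf` is discarded here and in every other converted call (the hunks at `@@ -501`, `@@ -520`, `@@ -544`, `@@ -590`, `@@ -610`, `@@ -636` and `@@ -655`), so a message cut at `ERRWIDTH` is passed on as if it were complete. That is an acceptable outcome for a diagnostic, but it should be stated, since `file[i]` comes from the command line and its length is not checked in the visible lines. I would add `/* snprintf truncates at ERRWIDTH: an over-long name gives a cut message, never a write past tmperr */` above the first call. The enclosing function starts and ends outside the hunk.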
29 @@ -501,7 +503,7 @@
30 dinfile = file[i];
31 if ((isatty(fileno((FILE *) (stdin))) == 1)
32 && (stream_flag == TRUE) && (force == 0)) { /* not a tty */
33 - sprintf(tmperr,
34 + snprintf(tmperr, ERRWIDTH,
36 ("%s: Encrypted data will not be read from a terminal.\n"),
37 program_name);
38 @@ -520,7 +522,7 @@
39 einfile = file[i];
40 if ((isatty(fileno((FILE *) (stdout))) == 1)
41 && (stream_flag == TRUE) && (force == 0)) { /* not a tty */
42 - sprintf(tmperr,
43 + snprintf(tmperr, ERRWIDTH,
45 ("%s: Encrypted data will not be written to a terminal.\n"),
46 program_name);
47 @@ -544,7 +546,7 @@
48 strcpy(outfile, einfile);
49 /* if file has already the .nc ignore it */
50 if (strstr(outfile, ".nc") != NULL) {
51 - sprintf(tmperr,
52 + snprintf(tmperr, ERRWIDTH,
54 ("%s: file %s has the .nc suffix... skipping...\n"),
55 program_name, outfile);
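Review bot: The context line `strcpy(outfile, einfile);` directly above the converted call is still an unbounded copy of a command-line file name, and this patch leaves it untouched. The allocation of `outfile` is outside the hunk, so whether it is sized from `strlen(einfile)` needs confirming; if it is a fixed buffer it needs the same treatment as `tmperr`, for example `snprintf(outfile, outfile_size, "%s", einfile);` with `outfile_size` standing for the real capacity. Separately, `strstr(outfile, ".nc") != NULL` matches `.nc` anywhere in the path, not only as a suffix as the comment and the message say.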
56 @@ -590,10 +592,10 @@
58 if (x == 0) {
59 if (stream_flag == FALSE) {
60 - sprintf(tmperr, _("File %s was decrypted.\n"), dinfile);
61 + snprintf(tmperr, ERRWIDTH, _("File %s was decrypted.\n"), dinfile);
62 err_warn(tmperr);
63 } else {
64 - sprintf(tmperr, _("Stdin was decrypted.\n"));
65 + snprintf(tmperr, ERRWIDTH, _("Stdin was decrypted.\n"));
66 err_warn(tmperr);
68 #ifdef HAVE_STAT
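Review bot: `tmperr` is now bounded, but it still embeds `dinfile` and is then handed to `err_warn(tmperr)` as the only argument. `err_warn` is not part of this patch; if it forwards the message as a printf-style format, `%` sequences in a file name would be interpreted instead of printed, which the length fix does not address. Confirm that it emits the text with `fputs` or a `"%s"` format; the same applies to the `err_warn(tmperr)` calls in the hunk at `@@ -636`.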
69 @@ -610,7 +612,7 @@
71 } else {
72 if (stream_flag == FALSE) {
73 - sprintf(tmperr,
74 + snprintf(tmperr, ERRWIDTH,
76 ("File %s was NOT decrypted successfully.\n"),
77 dinfile);
78 @@ -636,10 +638,10 @@
80 if (x == 0) {
81 if (stream_flag == FALSE) {
82 - sprintf(tmperr, _("File %s was encrypted.\n"), einfile);
83 + snprintf(tmperr, ERRWIDTH, _("File %s was encrypted.\n"), einfile);
84 err_warn(tmperr);
85 } else {
86 - sprintf(tmperr, _("Stdin was encrypted.\n"));
87 + snprintf(tmperr, ERRWIDTH, _("Stdin was encrypted.\n"));
88 err_warn(tmperr);
90 #ifdef HAVE_STAT
91 @@ -655,7 +657,7 @@
93 } else {
94 if (stream_flag == FALSE) {
95 - sprintf(tmperr,
96 + snprintf(tmperr, ERRWIDTH,
98 ("File %s was NOT encrypted successfully.\n"),
99 einfile);