package/mcrypt/0001-CVE-2012-4409.patch

   1 From 3efb40e17ce4f76717ae17a1ce1e1f747ddf59fd Mon Sep 17 00:00:00 2001
   2 From: Alon Bar-Lev <alon.barlev@gmail.com>
   3 Date: Sat, 22 Dec 2012 22:37:06 +0200
   4 Subject: [PATCH] cleanup: buffer overflow
   5
   6 ---
   7  src/extra.c |    2 ++
   8  1 files changed, 2 insertions(+), 0 deletions(-)
   9
  10 diff --git a/src/extra.c b/src/extra.c
  11 index 3082f82..c7a1ac0 100644
  12 --- a/src/extra.c
  13 +++ b/src/extra.c
  14 @@ -241,6 +241,8 @@ int check_file_head(FILE * fstream, char *algorithm, char *mode,
  15                 if (m_getbit(6, flags) == 1) { /* if the salt bit is set */
  16                         if (m_getbit(0, sflag) != 0) { /* if the first bit is set */
  17                                 *salt_size = m_setbit(0, sflag, 0);
  18 +                               if (*salt_size > sizeof(tmp_buf))
  19 +                                       err_quit(_("Salt is too long\n"));
  20                                 if (*salt_size > 0) {
  21                                         fread(tmp_buf, 1, *salt_size,
  22                                               fstream);
  23 --
  24 1.7.8.6
  25