1Description: [CVE-2012-4527] Stack-based buffer overflow with long file names
2 .
3 mcrypt version 2.6.8 and earlier contains a buffer overflow triggered by long file names.
4 If a user were tricked into attempting to encrypt/decrypt specially crafted
5 long filename(s), this flaw would cause a stack-based buffer overflow that
6 could potentially lead to arbitrary code execution.
7 .
8 Note that this is caught by FORTIFY_SOURCE, which makes this a crash-only
9 bug on wheezy.
10Author: Attila Bogar, Jean-Michel Vourgère <jmv_deb@nirgal.com>
11Origin: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-4527
12Bug: CVE-2012-4527
13Bug-Debian: http://bugs.debian.org/690924
14Forwarded: no
15Last-Update: 2012-11-01
16Index: mcrypt-2.6.8/src/mcrypt.c
17===================================================================
18--- mcrypt-2.6.8.orig/src/mcrypt.c
19+++ mcrypt-2.6.8/src/mcrypt.c
20@@ -41,4 +41,6 @@
21
22+/* Temporary error message can contain one file name and 1k of text */
23+#define ERRWIDTH ((PATH_MAX)+1024)
24-char tmperr[128];
25+char tmperr[ERRWIDTH];
26 unsigned int stream_flag = FALSE;
27 char *keymode = NULL;
28 char *mode = NULL;
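Review bot: The new `ERRWIDTH` macro depends on `PATH_MAX`, but no `#include <limits.h>` is visible in this hunk, and POSIX does not require that macro to be defined (GNU/Hurd does not define it), so the build can break there. A guarded fallback ahead of the macro would keep it portable: `#ifndef PATH_MAX` / `#define PATH_MAX 4096` / `#endif`. `tmperr` is a non-static global, so any other source file that declares it with the old size or still writes to it with `sprintf` would need the same change; nothing outside `src/mcrypt.c` is shown here, so that should be checked.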
29@@ -482,7 +485,7 @@
30 #ifdef HAVE_STAT
31 if (stream_flag == FALSE) {
32 if (is_normal_file(file[i]) == FALSE) {
33- sprintf(tmperr,
34+ snprintf(tmperr, ERRWIDTH,
35 _
36 ("%s: %s is not a regular file. Skipping...\n"),
37 program_name, file[i]);
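Review bot: The result of `snprintf` is discarded in this call, so a message that does not fit is silently truncated and loses its trailing newline. A command-line argument is not bounded by `PATH_MAX`, so truncation is still reachable with the over-long names this patch is about. Passing `sizeof tmperr` instead of `ERRWIDTH` ties the bound to the array, and the return value can be checked: `n = snprintf(tmperr, sizeof tmperr, ...); if (n < 0 || (size_t)n >= sizeof tmperr) { /* note truncation */ }`. The same applies to the `snprintf` calls in the hunks at -501, -520, -544, -610 and -655. The enclosing function starts and ends outside this hunk.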
38@@ -501,7 +504,7 @@
39 dinfile = file[i];
40 if ((isatty(fileno((FILE *) (stdin))) == 1)
41 && (stream_flag == TRUE) && (force == 0)) { /* not a tty */
42- sprintf(tmperr,
43+ snprintf(tmperr, ERRWIDTH,
44 _
45 ("%s: Encrypted data will not be read from a terminal.\n"),
46 program_name);
47@@ -520,7 +523,7 @@
48 einfile = file[i];
49 if ((isatty(fileno((FILE *) (stdout))) == 1)
50 && (stream_flag == TRUE) && (force == 0)) { /* not a tty */
51- sprintf(tmperr,
52+ snprintf(tmperr, ERRWIDTH,
53 _
54 ("%s: Encrypted data will not be written to a terminal.\n"),
55 program_name);
56@@ -544,7 +547,7 @@
57 strcpy(outfile, einfile);
58 /* if file has already the .nc ignore it */
59 if (strstr(outfile, ".nc") != NULL) {
60- sprintf(tmperr,
61+ snprintf(tmperr, ERRWIDTH,
62 _
63 ("%s: file %s has the .nc suffix... skipping...\n"),
64 program_name, outfile);
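Review bot: The context line `strcpy(outfile, einfile);` just above the changed call is still an unbounded copy of the same user-supplied file name, and this patch does not touch it. How `outfile` is allocated is not visible in this hunk; if it is a fixed-size buffer rather than one sized from `strlen(einfile)` plus the suffix, the long-file-name overflow remains on this path. A comment at the allocation stating the invariant would help, e.g. `/* outfile holds strlen(einfile) + suffix + NUL */`. Separately, `strstr(outfile, ".nc")` matches `.nc` anywhere in the path, not only as a suffix, so the message text and the test disagree.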
65@@ -590,10 +593,10 @@
66
67 if (x == 0) {
68 if (stream_flag == FALSE) {
69- sprintf(tmperr, _("File %s was decrypted.\n"), dinfile);
70+ snprintf(tmperr, ERRWIDTH, _("File %s was decrypted.\n"), dinfile);
71 err_warn(tmperr);
72 } else {
73- sprintf(tmperr, _("Stdin was decrypted.\n"));
74+ snprintf(tmperr, ERRWIDTH, _("Stdin was decrypted.\n"));
75 err_warn(tmperr);
76 }
77 #ifdef HAVE_STAT
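Review bot: In the else branch, `snprintf(tmperr, ERRWIDTH, _("Stdin was decrypted.\n"));` uses the translated string as the format with no arguments, so a stray `%` in a message catalog would be read as a conversion. The message is constant, so it can either be passed straight through, `err_warn(_("Stdin was decrypted.\n"));`, if `err_warn` accepts a const string (its prototype is not visible here), or be formatted as data with `snprintf(tmperr, sizeof tmperr, "%s", _("Stdin was decrypted.\n"));`. The hunk at -636 has the same pattern with "Stdin was encrypted."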
78@@ -610,7 +613,7 @@
79
80 } else {
81 if (stream_flag == FALSE) {
82- sprintf(tmperr,
83+ snprintf(tmperr, ERRWIDTH,
84 _
85 ("File %s was NOT decrypted successfully.\n"),
86 dinfile);
87@@ -636,10 +639,10 @@
88
89 if (x == 0) {
90 if (stream_flag == FALSE) {
91- sprintf(tmperr, _("File %s was encrypted.\n"), einfile);
92+ snprintf(tmperr, ERRWIDTH, _("File %s was encrypted.\n"), einfile);
93 err_warn(tmperr);
94 } else {
95- sprintf(tmperr, _("Stdin was encrypted.\n"));
96+ snprintf(tmperr, ERRWIDTH, _("Stdin was encrypted.\n"));
97 err_warn(tmperr);
98 }
99 #ifdef HAVE_STAT
100@@ -655,7 +658,7 @@
101
102 } else {
103 if (stream_flag == FALSE) {
104- sprintf(tmperr,
105+ snprintf(tmperr, ERRWIDTH,
106 _
107 ("File %s was NOT encrypted successfully.\n"),
108 einfile);