From 6ff753f2a8f3f716eb338eb4070fb936118dc129 Mon Sep 17 00:00:00 2001 From: Peter Korsgaard Date: Mon, 14 Jan 2013 23:44:54 +0100 Subject: [PATCH] mcrypt: rediff CVE-2012-4527 to fix issue with old patch versions Fixes http://autobuild.buildroot.org/results/e648bfb37051c3b73712d2c7881193e9376f2812/ patch 2.5.9 (but not E.G. 2.6.1) had problems with the upstream CVE patch, so rediff it to make it work. Signed-off-by: Gustavo Zacarias Signed-off-by: Peter Korsgaard --- package/mcrypt/mcrypt-CVE-2012-4527.patch | 49 +++++++++-------------- 1 file changed, 20 insertions(+), 29 deletions(-) diff --git a/package/mcrypt/mcrypt-CVE-2012-4527.patch b/package/mcrypt/mcrypt-CVE-2012-4527.patch index a287680958..a8cf6f449a 100644 --- a/package/mcrypt/mcrypt-CVE-2012-4527.patch +++ b/package/mcrypt/mcrypt-CVE-2012-4527.patch @@ -1,32 +1,23 @@ -Description: [CVE-2012-4527] Stack-based buffer overflow with long file names - . - A buffer overflow in mcrypt version 2.6.8 and earlier due to long filenames. - If a user were tricked into attempting to encrypt/decrypt specially crafted - long filename(s), this flaw would cause a stack-based buffer overflow that - could potentially lead to arbitrary code execution. - . - Note that this is caught by FORTIFY_SOURCE, which makes this a crash-only - bug on wheezy. -Author: Attila Bogar, Jean-Michel Vourgère -Origin: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-4527 -Bug: CVE-2012-4527 -Bug-Debian: http://bugs.debian.org/690924 -Forwarded: no -Last-Update: 2012-11-01 -Index: mcrypt-2.6.8/src/mcrypt.c -=================================================================== ---- mcrypt-2.6.8.orig/src/mcrypt.c -+++ mcrypt-2.6.8/src/mcrypt.c -@@ -41,4 +41,6 @@ +Fix for CVE-2012-4527. +Authored by Attila Bogar and Jean-Michel Vourgère + +Signed-off-by: Gustavo Zacarias + +diff -Nura mcrypt-2.6.8.orig/src/mcrypt.c mcrypt-2.6.8/src/mcrypt.c +--- mcrypt-2.6.8.orig/src/mcrypt.c 2013-01-14 19:15:49.465925072 -0300 ++++ mcrypt-2.6.8/src/mcrypt.c 2013-01-14 19:28:13.711478000 -0300 +@@ -44,7 +44,9 @@ + static char rcsid[] = + "$Id: mcrypt.c,v 1.2 2007/11/07 17:10:21 nmav Exp $"; +-char tmperr[128]; +/* Temporary error message can contain one file name and 1k of text */ +#define ERRWIDTH ((PATH_MAX)+1024) --char tmperr[128]; +char tmperr[ERRWIDTH]; unsigned int stream_flag = FALSE; char *keymode = NULL; char *mode = NULL; -@@ -482,7 +485,7 @@ +@@ -482,7 +484,7 @@ #ifdef HAVE_STAT if (stream_flag == FALSE) { if (is_normal_file(file[i]) == FALSE) { @@ -35,7 +26,7 @@ Index: mcrypt-2.6.8/src/mcrypt.c _ ("%s: %s is not a regular file. Skipping...\n"), program_name, file[i]); -@@ -501,7 +504,7 @@ +@@ -501,7 +503,7 @@ dinfile = file[i]; if ((isatty(fileno((FILE *) (stdin))) == 1) && (stream_flag == TRUE) && (force == 0)) { /* not a tty */ @@ -44,7 +35,7 @@ Index: mcrypt-2.6.8/src/mcrypt.c _ ("%s: Encrypted data will not be read from a terminal.\n"), program_name); -@@ -520,7 +523,7 @@ +@@ -520,7 +522,7 @@ einfile = file[i]; if ((isatty(fileno((FILE *) (stdout))) == 1) && (stream_flag == TRUE) && (force == 0)) { /* not a tty */ @@ -53,7 +44,7 @@ Index: mcrypt-2.6.8/src/mcrypt.c _ ("%s: Encrypted data will not be written to a terminal.\n"), program_name); -@@ -544,7 +547,7 @@ +@@ -544,7 +546,7 @@ strcpy(outfile, einfile); /* if file has already the .nc ignore it */ if (strstr(outfile, ".nc") != NULL) { @@ -62,7 +53,7 @@ Index: mcrypt-2.6.8/src/mcrypt.c _ ("%s: file %s has the .nc suffix... skipping...\n"), program_name, outfile); -@@ -590,10 +593,10 @@ +@@ -590,10 +592,10 @@ if (x == 0) { if (stream_flag == FALSE) { @@ -75,7 +66,7 @@ Index: mcrypt-2.6.8/src/mcrypt.c err_warn(tmperr); } #ifdef HAVE_STAT -@@ -610,7 +613,7 @@ +@@ -610,7 +612,7 @@ } else { if (stream_flag == FALSE) { @@ -84,7 +75,7 @@ Index: mcrypt-2.6.8/src/mcrypt.c _ ("File %s was NOT decrypted successfully.\n"), dinfile); -@@ -636,10 +639,10 @@ +@@ -636,10 +638,10 @@ if (x == 0) { if (stream_flag == FALSE) { @@ -97,7 +88,7 @@ Index: mcrypt-2.6.8/src/mcrypt.c err_warn(tmperr); } #ifdef HAVE_STAT -@@ -655,7 +658,7 @@ +@@ -655,7 +657,7 @@ } else { if (stream_flag == FALSE) { -- 2.30.2