Security fix for a buffer overflow when running gnupg in interactive mode.

More info:
http://lists.gnupg.org/pipermail/gnupg-announce/2006q4/000241.html
This commit is contained in:
bernd 2006-11-28 10:18:49 +00:00
parent 51f3e24103
commit 8ebe3474a5
2 changed files with 19 additions and 1 deletions

View File

@ -1,8 +1,9 @@
# $OpenBSD: Makefile,v 1.61 2006/08/07 19:59:20 bernd Exp $
# $OpenBSD: Makefile,v 1.62 2006/11/28 10:18:49 bernd Exp $
COMMENT= "GNU privacy guard - a free PGP replacement"
DISTNAME= gnupg-1.4.5
PKGNAME= ${DISTNAME}p0
CATEGORIES= security
MASTER_SITES= ftp://ftp.gnupg.org/gcrypt/gnupg/ \

View File

@ -0,0 +1,17 @@
$OpenBSD: patch-g10_openfile_c,v 1.1 2006/11/28 10:18:49 bernd Exp $
Fixes a buffer overflow when running gnupg in interactive mode.
Should be fixed in >1.4.5.
--- g10/openfile.c.orig Tue Nov 28 11:05:05 2006
+++ g10/openfile.c Tue Nov 28 11:06:01 2006
@@ -144,8 +144,8 @@ ask_outfile_name( const char *name, size
s = _("Enter new filename");
- n = strlen(s) + namelen + 10;
defname = name && namelen? make_printable_string( name, namelen, 0): NULL;
+ n = strlen(s) + (defname?strlen (defname):0) + 10;
prompt = xmalloc(n);
if( defname )
sprintf(prompt, "%s [%s]: ", s, defname );