Security fix for a buffer overflow when running gnupg in interactive mode.
More info: http://lists.gnupg.org/pipermail/gnupg-announce/2006q4/000241.html
This commit is contained in:
parent
51f3e24103
commit
8ebe3474a5
@ -1,8 +1,9 @@
|
||||
# $OpenBSD: Makefile,v 1.61 2006/08/07 19:59:20 bernd Exp $
|
||||
# $OpenBSD: Makefile,v 1.62 2006/11/28 10:18:49 bernd Exp $
|
||||
|
||||
COMMENT= "GNU privacy guard - a free PGP replacement"
|
||||
|
||||
DISTNAME= gnupg-1.4.5
|
||||
PKGNAME= ${DISTNAME}p0
|
||||
CATEGORIES= security
|
||||
|
||||
MASTER_SITES= ftp://ftp.gnupg.org/gcrypt/gnupg/ \
|
||||
|
17
security/gnupg/patches/patch-g10_openfile_c
Normal file
17
security/gnupg/patches/patch-g10_openfile_c
Normal file
@ -0,0 +1,17 @@
|
||||
$OpenBSD: patch-g10_openfile_c,v 1.1 2006/11/28 10:18:49 bernd Exp $
|
||||
|
||||
Fixes a buffer overflow when running gnupg in interactive mode.
|
||||
Should be fixed in >1.4.5.
|
||||
|
||||
--- g10/openfile.c.orig Tue Nov 28 11:05:05 2006
|
||||
+++ g10/openfile.c Tue Nov 28 11:06:01 2006
|
||||
@@ -144,8 +144,8 @@ ask_outfile_name( const char *name, size
|
||||
|
||||
s = _("Enter new filename");
|
||||
|
||||
- n = strlen(s) + namelen + 10;
|
||||
defname = name && namelen? make_printable_string( name, namelen, 0): NULL;
|
||||
+ n = strlen(s) + (defname?strlen (defname):0) + 10;
|
||||
prompt = xmalloc(n);
|
||||
if( defname )
|
||||
sprintf(prompt, "%s [%s]: ", s, defname );
|
Loading…
Reference in New Issue
Block a user