openbsd-ports/security/mcrypt/patches/patch-src_errors_c
sthen 53b1da7ff8 In mcrypt, check salt lengths and exit with an error, rather than
overrunning a buffer, if too long. CVE-2012-4409.

Patch from http://seclists.org/oss-sec/2012/q3/396, ok benoit@
2012-09-06 21:56:31 +00:00

$OpenBSD: patch-src_errors_c,v 1.1 2012/09/06 21:56:31 sthen Exp $
Format strings, http://seclists.org/oss-sec/2012/q3/396
--- src/errors.c.orig Thu Sep 6 22:24:15 2012
+++ src/errors.c Thu Sep 6 22:24:34 2012
@@ -24,24 +24,24 @@ extern int quiet;
void err_quit(char *errmsg)
{
- fprintf(stderr, errmsg);
+ fprintf(stderr, "%s", errmsg);
exit(-1);
}
void err_warn(char *errmsg)
{
if (quiet <= 1)
- fprintf(stderr, errmsg);
+ fprintf(stderr, "%s", errmsg);
}
void err_info(char *errmsg)
{
if (quiet == 0)
- fprintf(stderr, errmsg);
+ fprintf(stderr, "%s", errmsg);
}
void err_crit(char *errmsg)
{
if (quiet <= 2)
- fprintf(stderr, errmsg);
+ fprintf(stderr, "%s", errmsg);
}
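Review bot: In err_quit, err_warn, err_info and err_crit the parameter is still declared `char *errmsg`; since the message is now only ever printed as data, `const char *errmsg` would state that in the signature and accept const-qualified strings without a cast. With a fixed "%s" format, `fputs(errmsg, stderr)` produces the same output and involves no format parsing at all, so the pattern cannot be reintroduced by dropping the "%s" in a later edit. Compiling with -Wformat -Wformat-security would flag any other call of the `fprintf(stderr, errmsg)` shape that these four replacements do not cover.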