1 From b0716eac4e800a0ea53e1b949250f671702f28a0 Mon Sep 17 00:00:00 2001
2 From: Tom Callaway <spot@fedoraproject.org>
3 Date: Tue, 30 Oct 2012 15:39:24 -0400
4 Subject: apply workaround to CVE-2012-4527
6 --- mcrypt-2.6.8.orig/src/mcrypt.c
7 +++ mcrypt-2.6.8/src/mcrypt.c
15 "$Id: mcrypt.c,v 1.2 2007/11/07 17:10:21 nmav Exp $";
19 if (stream_flag == FALSE) {
20 if (is_normal_file(file[i]) == FALSE) {
22 + snprintf(tmperr, WIDTH,
24 ("%s: %s is not a regular file. Skipping...\n"),
25 program_name, file[i]);
28 if ((isatty(fileno((FILE *) (stdin))) == 1)
29 && (stream_flag == TRUE) && (force == 0)) { /* not a tty */
31 + snprintf(tmperr, WIDTH,
33 ("%s: Encrypted data will not be read from a terminal.\n"),
37 if ((isatty(fileno((FILE *) (stdout))) == 1)
38 && (stream_flag == TRUE) && (force == 0)) { /* not a tty */
40 + snprintf(tmperr, WIDTH,
42 ("%s: Encrypted data will not be written to a terminal.\n"),
45 strcpy(outfile, einfile);
46 /* if file has already the .nc ignore it */
47 if (strstr(outfile, ".nc") != NULL) {
49 + snprintf(tmperr, WIDTH,
51 ("%s: file %s has the .nc suffix... skipping...\n"),
52 program_name, outfile);
56 if (stream_flag == FALSE) {
57 - sprintf(tmperr, _("File %s was decrypted.\n"), dinfile);
58 + snprintf(tmperr, WIDTH, _("File %s was decrypted.\n"), dinfile);
61 - sprintf(tmperr, _("Stdin was decrypted.\n"));
62 + snprintf(tmperr, WIDTH, _("Stdin was decrypted.\n"));
69 if (stream_flag == FALSE) {
71 + snprintf(tmperr, WIDTH,
73 ("File %s was NOT decrypted successfully.\n"),
78 if (stream_flag == FALSE) {
79 - sprintf(tmperr, _("File %s was encrypted.\n"), einfile);
80 + snprintf(tmperr, WIDTH, _("File %s was encrypted.\n"), einfile);
83 - sprintf(tmperr, _("Stdin was encrypted.\n"));
84 + snprintf(tmperr, WIDTH, _("Stdin was encrypted.\n"));
91 if (stream_flag == FALSE) {
93 + snprintf(tmperr, WIDTH,
95 ("File %s was NOT encrypted successfully.\n"),