Overview

File mcrypt-CVE-2012-4409.patch of Package mcrypt

Index: mcrypt-2.6.8/src/extra.c
===================================================================
--- mcrypt-2.6.8.orig/src/extra.c
+++ mcrypt-2.6.8/src/extra.c
@@ -242,6 +242,8 @@ int check_file_head(FILE * fstream, char
 			if (m_getbit(0, sflag) != 0) { /* if the first bit is set */
 				*salt_size = m_setbit(0, sflag, 0);
 				if (*salt_size > 0) {
+					if (*salt_size > sizeof(tmp_buf))
+					    err_quit(_("Salt is too long\n"));
 					fread(tmp_buf, 1, *salt_size,
 					      fstream);
 					memmove(salt, tmp_buf, *salt_size);
openSUSE Build Service is sponsored by
Places