* gnu/packages/wordnet.scm (wordnet)[source]: Add patches. * gnu/packages/patches/wordnet-CVE-2008-2149.patch, gnu/packages/patches/wordnet-CVE-2008-3908-pt1.patch, gnu/packages/patches/wordnet-CVE-2008-3908-pt2.patch: New variables. * gnu/local.mk (dist_patch_DATA): Add them.
		
			
				
	
	
		
		
	
	
	
	
	
| Fix CVE-2008-2149: buffer overflows by limiting the length of the string in sprintf
 | |
| format string
 | |
| Closes: #481186 (CVE-2008-2149)
 | |
| Please note: The WordNet code contains several other occurrences of potentially
 | |
| exploitable functions like strcpy()/strcat()/...  and so even if there are no
 | |
| known exploits the code needs a full security audit.
 | |
| 
 | |
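--- a/src/wn.c
+++ b/src/wn.c
@@ -206,7 +206,8 @@ static int searchwn(int ac, char *av[])
 		    outsenses += do_search(av[1], optptr->pos, optptr->search,
 					    whichsense, optptr->label);
 	    } else {
-		sprintf(tmpbuf, "wn: invalid search option: %s\n", av[j]);
+		/* Fix CVE-2008-2149: buffer overflows Andreas Tille <tille@debian.org> */
+		sprintf(tmpbuf, "wn: invalid search option: %.200s\n", av[j]);
 		display_message(tmpbuf);
 		errcount++;
 	    }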
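Review bot: The `%.200s` precision on the added `sprintf` line bounds only the `av[j]` portion, so the write is safe only if `tmpbuf` holds at least 229 bytes (27 bytes of fixed text, up to 200 of argument, the newline and the terminator). The declaration of `tmpbuf` is outside the hunk, so that cannot be confirmed from here. Binding the limit to the buffer removes the dependency on a magic number that has to be kept in step with the declaration: `snprintf(tmpbuf, sizeof tmpbuf, "wn: invalid search option: %.200s\n", av[j]);`, assuming `tmpbuf` is an array and not a pointer at this point. The added comment could also state the invariant, not only the CVE id, e.g. `/* CVE-2008-2149: av[j] is user-controlled; cap it so the message fits tmpbuf */`. The body of `searchwn` starts and ends outside the hunk.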