c1dbd3a870
* gnu/packages/wordnet.scm (wordnet)[source]: Add patches. * gnu/packages/patches/wordnet-CVE-2008-2149.patch, gnu/packages/patches/wordnet-CVE-2008-3908-pt1.patch, gnu/packages/patches/wordnet-CVE-2008-3908-pt2.patch: New variables. * gnu/local.mk (dist_patch_DATA): Add them.
18 lines
668 B
Diff
18 lines
668 B
Diff
This patch was created by oCert according to
|
|
http://www.ocert.org/advisories/ocert-2008-014.html
|
|
Unfortunately the original patch contained a bug which was
|
|
later fixed by the issuer of the patch Rob Holland <rob@ocert.org>
|
|
This part was now separated in this file.
|
|
|
|
--- a/lib/search.c
|
|
+++ b/lib/search.c
|
|
@@ -1568,7 +1568,8 @@ char *findtheinfo(char *searchstr, int d
|
|
bufstart[0] = '\n';
|
|
bufstart++;
|
|
}
|
|
- strncpy(bufstart, tmpbuf, strlen(tmpbuf));
|
|
+ /* Avoid writing a trailing \0 after the string */
|
|
+ memcpy(bufstart, tmpbuf, strlen(tmpbuf));
|
|
bufstart = searchbuffer + strlen(searchbuffer);
|
|
}
|
|
}
|