Commit | Line | Data |
---|---|---|
c1dbd3a8 EF |
1 | Fix CVE-2008-2149: buffer overflows by limiting the length of the string in sprintf |
2 | format string | |
3 | Closes: #481186 (CVE-2008-2149) | |
4 | Please note: The WordNet code contains several other occurrences of potentially | |
5 | exploitable functions like strcpy()/strcat()/... and so even if there are no | |
6 | known exploits the code needs a full security audit. | |
7 | ||
8 | --- a/src/wn.c | |
9 | +++ b/src/wn.c | |
10 | @@ -206,7 +206,8 @@ static int searchwn(int ac, char *av[]) | |
11 | outsenses += do_search(av[1], optptr->pos, optptr->search, | |
12 | whichsense, optptr->label); | |
13 | } else { | |
14 | - sprintf(tmpbuf, "wn: invalid search option: %s\n", av[j]); | |
15 | + /* Fix CVE-2008-2149: buffer overflows Andreas Tille <tille@debian.org> */ | |
16 | + sprintf(tmpbuf, "wn: invalid search option: %.200s\n", av[j]); | |
17 | display_message(tmpbuf); | |
18 | errcount++; | |
19 | } |
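
Review bot: The `%.200s` precision on the added `sprintf(tmpbuf, ...)` line caps only the `av[j]` part, and the literal 200 is not tied to the size of `tmpbuf`, whose declaration is not visible in this hunk. The write is therefore safe only as long as `tmpbuf` stays at least 200 bytes plus the fixed text ("wn: invalid search option: ", the newline and the terminating NUL), and nothing enforces that if the buffer is later resized. If `tmpbuf` is an array in scope here, prefer `snprintf(tmpbuf, sizeof(tmpbuf), "wn: invalid search option: %s\n", av[j]);` so the bound follows the buffer; if it is a pointer, pass its allocated size explicitly. The added comment would also be more useful if it stated the assumed buffer size rather than only the CVE id and author.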