[jackhill/guix/guix.git] / gnu / packages / patches / wordnet-CVE-2008-2149.patch

Fix CVE-2008-2149: buffer overflows by limiting the length of the string in sprintf
format string
Closes: #481186 (CVE-2008-2149)
Please note: The WordNet code contains several other occurences of potentially
exploitable functions like strcpy()/strcat()/...  and so even if there are no
known exploits the code needs a full security audit.

--- a/src/wn.c
+++ b/src/wn.c
@@ -206,7 +206,8 @@ static int searchwn(int ac, char *av[])
 		    outsenses += do_search(av[1], optptr->pos, optptr->search,
 					    whichsense, optptr->label);
 	    } else {
-		sprintf(tmpbuf, "wn: invalid search option: %s\n", av[j]);
+		/* Fix CVE-2008-2149: buffer overflows Andreas Tille <tille@debian.org> */
+		sprintf(tmpbuf, "wn: invalid search option: %.200s\n", av[j]);
 		display_message(tmpbuf);
 		errcount++;
 	    }
Commit	Line	Data
c1dbd3a8 EF	1	Fix CVE-2008-2149: buffer overflows by limiting the length of the string in sprintf
	2	format string
	3	Closes: #481186 (CVE-2008-2149)
	4	Please note: The WordNet code contains several other occurences of potentially
	5	exploitable functions like strcpy()/strcat()/... and so even if there are no
	6	known exploits the code needs a full security audit.
	7
	8	--- a/src/wn.c
	9	+++ b/src/wn.c
	10	@@ -206,7 +206,8 @@ static int searchwn(int ac, char *av[])
	11	outsenses += do_search(av[1], optptr->pos, optptr->search,
	12	whichsense, optptr->label);
	13	} else {
	14	- sprintf(tmpbuf, "wn: invalid search option: %s\n", av[j]);
	15	+ /* Fix CVE-2008-2149: buffer overflows Andreas Tille <tille@debian.org> */
	16	+ sprintf(tmpbuf, "wn: invalid search option: %.200s\n", av[j]);
	17	display_message(tmpbuf);
	18	errcount++;
	19	}