gnu/packages/patches/wordnet-CVE-2008-2149.patch

   1 Fix CVE-2008-2149: buffer overflows by limiting the length of the string in sprintf
   2 format string
   3 Closes: #481186 (CVE-2008-2149)
   4 Please note: The WordNet code contains several other occurences of potentially
   5 exploitable functions like strcpy()/strcat()/...  and so even if there are no
   6 known exploits the code needs a full security audit.
   7
   8 --- a/src/wn.c
   9 +++ b/src/wn.c
  10 @@ -206,7 +206,8 @@ static int searchwn(int ac, char *av[])
  11                     outsenses += do_search(av[1], optptr->pos, optptr->search,
  12                                             whichsense, optptr->label);
  13             } else {
  14 -               sprintf(tmpbuf, "wn: invalid search option: %s\n", av[j]);
  15 +               /* Fix CVE-2008-2149: buffer overflows Andreas Tille <tille@debian.org> */
  16 +               sprintf(tmpbuf, "wn: invalid search option: %.200s\n", av[j]);
  17                 display_message(tmpbuf);
  18                 errcount++;
  19             }