Heyho Andreas,
* Andreas Tille <[EMAIL PROTECTED]> [2008-05-15 14:57]:
> On Wed, 14 May 2008, Steffen Joeris wrote:
>
> >CVE-2008-2149:
[...]
> there are potentially more issues of other sprintf()/strcpy()/strcat()/...
> occurrences. So I wonder if you accept the attached patch as a fix for
> the problem. It actually cures the long command line option problem but
> not more.
[...]
> --- wordnet-3.0.orig/src/wn.c
> +++ wordnet-3.0/src/wn.c
> @@ -206,7 +206,8 @@
> outsenses += do_search(av[1], optptr->pos, optptr->search,
> whichsense, optptr->label);
> } else {
> - sprintf(tmpbuf, "wn: invalid search option: %s\n", av[j]);
> + /* Fix CVE-2008-2149: buffer overflows Andreas Tille <[EMAIL
> PROTECTED]> */
> + sprintf(tmpbuf, "wn: invalid search option: %.200s\n", av[j]);
> display_message(tmpbuf);
> errcount++;
> }

Please use snprintf(tmpbuf, sizeof(tmpbuf), ... instead of this.
Apart from that I think fixing this for now is fine, we can issue more
updates later. As Thijs already mentioned, please include the CVE id in
your changelog.

Cheers
Nico

--
Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
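
Review bot: the `%.200s` precision on the added sprintf() line keeps the write in bounds only if tmpbuf holds at least 229 bytes (27 bytes of fixed text, up to 200 bytes from av[j], the newline and the terminating NUL), and tmpbuf's declaration is not part of this hunk, so the bound cannot be verified from the patch. Tying the limit to the buffer, as in snprintf(tmpbuf, sizeof(tmpbuf), "wn: invalid search option: %s\n", av[j]), removes the hidden dependency between the magic number 200 and the buffer size; that form is only correct if tmpbuf is an array visible at this point rather than a pointer, which should be confirmed against the declaration. The added comment is also split across two lines in the quoted patch, and the author attribution it carries fits better in the changelog entry alongside the CVE id than in the source.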

