Heyho Andreas,
* Andreas Tille <[EMAIL PROTECTED]> [2008-05-15 14:57]:
> On Wed, 14 May 2008, Steffen Joeris wrote:
>
> >CVE-2008-2149: [...]
> there are potentially more issues of other sprintf()/strcpy()/strcat()/...
> occurrences. So I wonder if you accept the attached patch as a fix for
> the problem. It actually cures the long command line option problem but
> not more. [...]
> --- wordnet-3.0.orig/src/wn.c > +++ wordnet-3.0/src/wn.c > @@ -206,7 +206,8 @@ > outsenses += do_search(av[1], optptr->pos, optptr->search, > whichsense, optptr->label); > } else { > - sprintf(tmpbuf, "wn: invalid search option: %s\n", av[j]); > + /* Fix CVE-2008-2149: buffer overflows Andreas Tille <[EMAIL > PROTECTED]> */ > + sprintf(tmpbuf, "wn: invalid search option: %.200s\n", av[j]); > display_message(tmpbuf); > errcount++; > }
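Review bot: the %.200s precision on the added sprintf() line caps only av[j]; nothing in the hunk ties the write to the size of tmpbuf, whose declaration is not shown here. With the fixed text, the newline and the terminating NUL the call can still write up to 229 bytes, so it is safe only if tmpbuf is at least that large. Suggest snprintf(tmpbuf, sizeof(tmpbuf), "wn: invalid search option: %s\n", av[j]), assuming tmpbuf is an array in this scope and not a pointer, so the bound follows the buffer rather than a constant in the format string. The author name and address in the added code comment would fit better in the changelog entry next to the CVE id.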
Please use snprintf(tmpbuf, sizeof(tmpbuf), ... instead of this.
Apart from that I think fixing this for now is fine, we can issue more updates later.
As Thijs already mentioned, please include the CVE id in your changelog.

Cheers
Nico
--
Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.