Fix CVE-2008-2149: buffer overflows by limiting the length of the string in sprintf
format string
Closes: #481186 (CVE-2008-2149)
Please note: The WordNet code contains several other occurences of potentially
exploitable functions like strcpy()/strcat()/... and so even if there are no
known exploits the code needs a full security audit.
--- a/src/wn.c
+++ b/src/wn.c
@@ -206,7 +206,8 @@ static int searchwn(int ac, char *av[])
outsenses += do_search(av[1], optptr->pos, optptr->search,
whichsense, optptr->label);
} else {
- sprintf(tmpbuf, "wn: invalid search option: %s\n", av[j]);
+ /* Fix CVE-2008-2149: buffer overflows Andreas Tille <tille@debian.org> */
+ sprintf(tmpbuf, "wn: invalid search option: %.200s\n", av[j]);
display_message(tmpbuf);
errcount++;
}
