Fix CVE-2008-2149: buffer overflows by limiting the length of the string in sprintf format string Closes: #481186 (CVE-2008-2149) Please note: The WordNet code contains several other occurences of potentially exploitable functions like strcpy()/strcat()/... and so even if there are no known exploits the code needs a full security audit. --- a/src/wn.c +++ b/src/wn.c @@ -206,7 +206,8 @@ static int searchwn(int ac, char *av[]) outsenses += do_search(av[1], optptr->pos, optptr->search, whichsense, optptr->label); } else { - sprintf(tmpbuf, "wn: invalid search option: %s\n", av[j]); + /* Fix CVE-2008-2149: buffer overflows Andreas Tille */ + sprintf(tmpbuf, "wn: invalid search option: %.200s\n", av[j]); display_message(tmpbuf); errcount++; } scripts Wojtek's customized Guix
aboutsummaryrefslogtreecommitdiff
path: root/doc/local.mk
AgeCommit message (Expand)Author
2019-03-13doc: Document the graphical installer some more....Ludovic Courtès
2018-11-01doc: Add German translation....Julien Lepiller
2018-04-29build: Use only one domain for guix-manual....Julien Lepiller
2018-04-25build: Add silent rules for Texinfo xref translation....Ludovic Courtès
2018-04-19gnu: doc: Add French documentation....Julien Lepiller
2018-04-19gnu: doc: Allow documentation to be translated....Julien Lepiller
2018-01-20build: Declare “doc/guix.texi“ dependencies....Mathieu Lirzin