Fix CVE-2008-2149: buffer overflows by limiting the length of the string in sprintf
format string
Closes: #481186 (CVE-2008-2149)
Please note: The WordNet code contains several other occurences of potentially
exploitable functions like strcpy()/strcat()/...  and so even if there are no
known exploits the code needs a full security audit.

--- a/src/wn.c
+++ b/src/wn.c
@@ -206,7 +206,8 @@ static int searchwn(int ac, char *av[])
 		    outsenses += do_search(av[1], optptr->pos, optptr->search,
 					    whichsense, optptr->label);
 	    } else {
-		sprintf(tmpbuf, "wn: invalid search option: %s\n", av[j]);
+		/* Fix CVE-2008-2149: buffer overflows Andreas Tille <tille@debian.org> */
+		sprintf(tmpbuf, "wn: invalid search option: %.200s\n", av[j]);
 		display_message(tmpbuf);
 		errcount++;
 	    }
zko-scripts'>koszko-scripts</option>
</select> <input type='submit' value='switch'/></form></td></tr>
<tr><td class='sub'>Wojtek's customized Guix</td><td class='sub right'></td></tr></table>
<table class='tabs'><tr><td>
<a href='/guix/about/'>about</a><a href='/guix/'>summary</a><a href='/guix/refs/?id=960d7ac5a56155895543e03622f6555cc162d13a'>refs</a><a class='active' href='/guix/log/gnu/services/rsync.scm'>log</a><a href='/guix/tree/gnu/services/rsync.scm?id=960d7ac5a56155895543e03622f6555cc162d13a'>tree</a><a href='/guix/commit/gnu/services/rsync.scm?id=960d7ac5a56155895543e03622f6555cc162d13a'>commit</a><a href='/guix/diff/gnu/services/rsync.scm?id=960d7ac5a56155895543e03622f6555cc162d13a'>diff</a></td><td class='form'><form class='right' method='get' action='/guix/log/gnu/services/rsync.scm'>
<input type='hidden' name='id' value='960d7ac5a56155895543e03622f6555cc162d13a'/><select name='qt'>
<option value='grep'>log msg</option>
<option value='author'>author</option>
<option value='committer'>committer</option>
<option value='range'>range</option>
</select>
<input class='txt' type='search' size='10' name='q' value=''/>
<input type='submit' value='search'/>
</form>
</td></tr></table>
<div class='path'>path: <a href='/guix/log/?id=960d7ac5a56155895543e03622f6555cc162d13a'>root</a>/<a href='/guix/log/gnu?id=960d7ac5a56155895543e03622f6555cc162d13a'>gnu</a>/<a href='/guix/log/gnu/services?id=960d7ac5a56155895543e03622f6555cc162d13a'>services</a>/<a href='/guix/log/gnu/services/rsync.scm?id=960d7ac5a56155895543e03622f6555cc162d13a'>rsync.scm</a></div><div class='content'><table class='list nowrap'><tr class='nohover'><th class='left'>Age</th><th class='left'>Commit message (<a href='/guix/log/gnu/services/rsync.scm?id=960d7ac5a56155895543e03622f6555cc162d13a&amp;showmsg=1'>Expand</a>)</th><th class='left'>Author</th></tr>
<tr><td><span title='2023-05-18 23:11:19 -0400'>2023-05-18</span></td><td><a href='/guix/commit/gnu/services/rsync.scm?id=d43d8377c741c849ca89dccb07e7d87f82ae88d5'>services: rsync: Use least authority wrapper.</a><span class='msg-avail'>...<span class='msg-tooltip'>* gnu/services/rsync.scm (rsync-shepherd-service) Wrap rsync command in a
least-authority-wrapper.

Reviewed-by: Ludovic Courtès &lt;ludo@gnu.org&gt;
</span></span></td><td>Maxim Cournoyer</td></tr>
<tr><td><span title='2023-05-18 23:10:56 -0400'>2023-05-18</span></td><td><a href='/guix/commit/gnu/services/rsync.scm?id=03e601da49e43ed0235144f32095ce5f58f16275'>services: rsync: Use make-inetd-constructor.</a><span class='msg-avail'>...<span class='msg-tooltip'>* gnu/services/rsync.scm (rsync-shepherd-service): Use make-inetd-constructor
if available in start slot.
* gnu/tests/rsync.scm (run-rsync-test): Delete "PID file" test.

Reviewed-by: Ludovic Courtès &lt;ludo@gnu.org&gt;
</span></span></td><td>Maxim Cournoyer</td></tr>
<tr><td><span title='2023-04-21 16:16:37 +0200'>2023-04-21</span></td><td><a href='/guix/commit/gnu/services/rsync.scm?id=70677d882276ff44bc31d39e378749b976a9ca7d'>services: rsync: Add 'configuration' action.</a><span class='msg-avail'>...<span class='msg-tooltip'>* gnu/services/rsync.scm (rsync-shepherd-service): Add 'actions' field.
</span></span></td><td>Ludovic Courtès</td></tr>