unofficial mirror of guix-devel@gnu.org 
 help / color / mirror / code / Atom feed
blob 2ef2239a7fdfa3b3ed250dd08e376f07c532426d 668 bytes (raw)
name: patches/wordnet-CVE-2008-3908-pt2.patch 	 # note: path name is non-authoritative(*)
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18

 
This patch was created by oCert according to
 http://www.ocert.org/advisories/ocert-2008-014.html
Unfortunately the original patch contained a bug which was
later fixed by the issuer of the patch Rob Holland <rob@ocert.org>
This part was now separated in this file.

--- a/lib/search.c
+++ b/lib/search.c
@@ -1568,7 +1568,8 @@ char *findtheinfo(char *searchstr, int d
 			bufstart[0] = '\n';
 			bufstart++;
 		    }
-		    strncpy(bufstart, tmpbuf, strlen(tmpbuf));
+                   /* Avoid writing a trailing \0 after the string */
+                   memcpy(bufstart, tmpbuf, strlen(tmpbuf));
 		    bufstart = searchbuffer + strlen(searchbuffer);
 		}
 	    }

debug log:

solving 2ef2239a7fdfa3b3ed250dd08e376f07c532426d ...
found 2ef2239a7fdfa3b3ed250dd08e376f07c532426d in https://git.savannah.gnu.org/cgit/guix.git

(*) Git path names are given by the tree(s) the blob belongs to.
    Blobs themselves have no identifier aside from the hash of its contents.^
Code repositories for project(s) associated with this public inbox

	https://git.savannah.gnu.org/cgit/guix.git

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).