r10691 - in /packages/wordnet/trunk/debian/patches: 51_overflows.patch 51_overflows.patch.broken 51_overflows_memcpy.patch series

tille at users.alioth.debian.org
Sat Sep 6 17:38:34 UTC 2008


Author: tille
Date: Sat Sep  6 17:38:34 2008
New Revision: 10691

URL: http://svn.debian.org/wsvn/debian-science/?sc=1&rev=10691
Log:
Fix the problematic part of the oCert patch

Added:
    packages/wordnet/trunk/debian/patches/51_overflows_memcpy.patch
Removed:
    packages/wordnet/trunk/debian/patches/51_overflows.patch.broken
Modified:
    packages/wordnet/trunk/debian/patches/51_overflows.patch
    packages/wordnet/trunk/debian/patches/series

Modified: packages/wordnet/trunk/debian/patches/51_overflows.patch
URL: http://svn.debian.org/wsvn/debian-science/packages/wordnet/trunk/debian/patches/51_overflows.patch?rev=10691&op=diff
==============================================================================
--- packages/wordnet/trunk/debian/patches/51_overflows.patch (original)
+++ packages/wordnet/trunk/debian/patches/51_overflows.patch Sat Sep  6 17:38:34 2008
@@ -1,3 +1,12 @@
+This patch was created by oCert according to
+ http://www.ocert.org/advisories/ocert-2008-014.html
+and can be downloaded from
+ http://www.ocert.org/analysis/2008-014/wordnet.patch
+Unfortunately the original patch had a problem which
+caused 'wordnet test -synsn' to fail.  The critical
+part of the patch was removed from the whole patch
+set and is moved to 51_overflows_memcpy.patch which
+uses memcpy instead of the formerly used strcpy.
 diff --git a/lib/binsrch.c b/lib/binsrch.c
 index 85436f3..8b71216 100644
 --- a/lib/binsrch.c
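
Review bot: the last sentence of the added header says the separated part "uses memcpy instead of the formerly used strcpy", but the line that 51_overflows_memcpy.patch replaces is a strncpy call (`strncpy(bufstart, tmpbuf, strlen(tmpbuf));`). Please name the function that was actually replaced so the header matches the hunk it points to. The header would also be more useful to a later maintainer if it said which behaviour made 'wordnet test -synsn' fail, not just that it failed.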

Added: packages/wordnet/trunk/debian/patches/51_overflows_memcpy.patch
URL: http://svn.debian.org/wsvn/debian-science/packages/wordnet/trunk/debian/patches/51_overflows_memcpy.patch?rev=10691&op=file
==============================================================================
--- packages/wordnet/trunk/debian/patches/51_overflows_memcpy.patch (added)
+++ packages/wordnet/trunk/debian/patches/51_overflows_memcpy.patch Sat Sep  6 17:38:34 2008
@@ -1,0 +1,19 @@
+This patch was created by oCert according to
+ http://www.ocert.org/advisories/ocert-2008-014.html
+Unfortunately the original patch contained a bug which was
+later fixed by the issuer of the patch Rob Holland <rob at ocert.org>
+This part was now separated in this file.
+diff --git a/lib/search.c b/lib/search.c
+index 1cdedc3..bc781cd 100644
+--- a/lib/search.c
++++ wordnet-3.0/lib/search.c
+@@ -1570,7 +1568,8 @@ char *findtheinfo(char *searchstr, int dbase, int ptrtyp, int whichsense)
+ 			bufstart[0] = '\n';
+ 			bufstart++;
+ 		    }
+-		    strncpy(bufstart, tmpbuf, strlen(tmpbuf));
++                   /* Avoid writing a trailing \0 after the string */
++                   memcpy(bufstart, tmpbuf, strlen(tmpbuf));
+ 		    bufstart = searchbuffer + strlen(searchbuffer);
+ 		}
+ 	    }
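
Review bot: the replacement `memcpy(bufstart, tmpbuf, strlen(tmpbuf));` still takes its length from the source string, not from the space left in searchbuffer, so nothing in this hunk bounds the write. strncpy with a count of strlen(tmpbuf) already copied exactly that many bytes without a terminating NUL, so against the removed line this is a like-for-like change; if the bound is enforced before this point, the header should say where, otherwise clamp the length to the remaining room before copying. The new comment should also state why the terminator must not be written, since the next line recomputes bufstart from strlen(searchbuffer) and so depends on what already follows the copied bytes. Minor: the two added lines are indented with spaces while the surrounding context uses tabs, and the file header mixes `a/lib/search.c` with `wordnet-3.0/lib/search.c`.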

Modified: packages/wordnet/trunk/debian/patches/series
URL: http://svn.debian.org/wsvn/debian-science/packages/wordnet/trunk/debian/patches/series?rev=10691&op=diff
==============================================================================
--- packages/wordnet/trunk/debian/patches/series (original)
+++ packages/wordnet/trunk/debian/patches/series Sat Sep  6 17:38:34 2008
@@ -11,3 +11,4 @@
 41_doc_man_fix_names.patch
 50_CVE-2008-2149_buffer_overflows.patch
 51_overflows.patch
+51_overflows_memcpy.patch



