Bug 585206

Summary: Unknown wn option handled as format string
Product: [Fedora] Fedora
Component: wordnet
Version: rawhide
Hardware: All
OS: Linux
Status: CLOSED ERRATA
Severity: medium
Priority: low
Reporter: Petr Pisar <ppisar>
Assignee: steve <steve>
QA Contact: Fedora Extras Quality Assurance <extras-qa>
CC: ovasik, ppisar
Doc Type: Bug Fix
Clone Of: 585199
Bug Depends On: 585199
Last Closed: 2010-05-14 06:41:01 UTC
Attachments: Fix (flags: none)

Description Petr Pisar 2010-04-23 12:32:26 UTC
+++ This bug was initially created as a clone of Bug #585199 +++

Description of problem:

The `wn' utility from the wordnet-3.0 package passes user input (executable positional
argument) to fprintf(3) as a format string without checking for format escapes.


Version-Release number of selected component (if applicable):

wordnet-3.0-10.fc14 and lower versions in all Fedoras.


How reproducible:

Compile and install wordnet package and invoke `wn' executable with invalid
arguments resulting in application error message:

    $ wn -antsn 'Hello world'
    wn: invalid search option: Hello world

Now try some formatting escapes:

    $ wn -antsn '%s'
    Segmentation fault (core dumped)

    $ wn -antsn '%x %x %x %x'
    wn: invalid search option: 1 b 0 1789f60d

    $ wn -antsn '%n'
    *** %n in writable segment detected ***
    Aborted (core dumped)

Additional info:
WordNet-3.0/src/wn.c:346:

    static int error_message(char *msg)
    {
        fprintf(stderr, msg);    /* <-- msg is used as the format string */
        return(0);
    }

--- Additional comment from ppisar on 2010-04-23 08:19:52 EDT ---

Created an attachment (id=408589)
Fix

Print message as raw string.

Comment 1 Petr Pisar 2010-04-23 12:33:50 UTC
Created attachment 408592
Fix

Print message as raw string.
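
One way "print message as raw string" can look, as an added example that is not the attached patch (the attachment's contents are not shown on this page). The names `error_message_to`, `report_invalid_option` and `capture_report`, the `FILE *` parameter, and the assumption that the caller builds the text with a constant format are all introduced here for illustration.

```c
/* Added example, not the attached patch. Building with
 *   gcc -Wall -Wformat -Werror=format-security demo.c
 * rejects the original fprintf(stderr, msg) call at compile time. */
#include <stdio.h>
#include <string.h>

/* Hardened error_message(): msg is data, never the format string.
 * The FILE* parameter is an addition so the output can be captured. */
static int error_message_to(FILE *out, const char *msg)
{
    fputs(msg, out);            /* equivalent: fprintf(out, "%s", msg) */
    return 0;
}

/* Assumed caller: the text is built with a constant format, so the
 * user-supplied option only ever fills a %s slot. */
static int report_invalid_option(FILE *out, const char *opt)
{
    char buf[256];
    snprintf(buf, sizeof buf, "wn: invalid search option: %s\n", opt);
    return error_message_to(out, buf);
}

/* Run the report into a temporary file and copy back what was printed. */
static size_t capture_report(const char *opt, char *dst, size_t cap)
{
    FILE *tmp;
    size_t n;
    if (cap == 0 || (tmp = tmpfile()) == NULL)
        return 0;
    report_invalid_option(tmp, opt);
    rewind(tmp);
    n = fread(dst, 1, cap - 1, tmp);
    dst[n] = '\0';
    fclose(tmp);
    return n;
}

int main(void)
{
    /* Constructed inputs: the same strings used in the report above. */
    const char *inputs[] = { "Hello world", "%s", "%x %x %x %x", "%n" };
    char seen[512];
    for (size_t i = 0; i < sizeof inputs / sizeof inputs[0]; i++) {
        capture_report(inputs[i], seen, sizeof seen);
        fputs(seen, stdout);    /* each escape is echoed literally */
    }
    return 0;
}
```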

Comment 2 Fedora Update System 2010-04-26 08:30:18 UTC
wordnet-3.0-11.fc13 has been submitted as an update for Fedora 13.
http://admin.fedoraproject.org/updates/wordnet-3.0-11.fc13

Comment 3 Fedora Update System 2010-04-26 08:31:41 UTC
wordnet-3.0-11.fc12 has been submitted as an update for Fedora 12.
http://admin.fedoraproject.org/updates/wordnet-3.0-11.fc12

Comment 4 Fedora Update System 2010-04-26 08:44:39 UTC
wordnet-3.0-10.fc11 has been submitted as an update for Fedora 11.
http://admin.fedoraproject.org/updates/wordnet-3.0-10.fc11

Comment 5 Petr Pisar 2010-04-26 09:04:12 UTC
Fixed in CVS for F14--F11. Koji does not accept build tasks for F10 any more. Thus F10 will be unpatched.

Comment 6 Fedora Update System 2010-05-13 19:28:22 UTC
wordnet-3.0-11.fc12 has been pushed to the Fedora 12 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 7 Fedora Update System 2010-05-13 19:30:14 UTC
wordnet-3.0-11.fc13 has been pushed to the Fedora 13 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 8 Fedora Update System 2010-05-13 19:33:08 UTC
wordnet-3.0-10.fc11 has been pushed to the Fedora 11 stable repository.  If problems still persist, please make note of it in this bug report.