File liblouis-CVE-2023-26769.patch of Package liblouis.28567

Overview Repositories Revisions Requests Users Attributes Meta

File liblouis-CVE-2023-26769.patch of Package liblouis.28567

diff -Nura liblouis-3.3.0/liblouis/compileTranslationTable.c liblouis-3.3.0_new/liblouis/compileTranslationTable.c
--- liblouis-3.3.0/liblouis/compileTranslationTable.c	2023-04-02 21:31:57.807244528 +0800
+++ liblouis-3.3.0_new/liblouis/compileTranslationTable.c	2023-04-02 21:40:47.180029804 +0800
@@ -5152,9 +5152,10 @@
   char *tableFile;
   static struct stat info;
 
+#define MAX_TABLEFILE_SIZE (MAXSTRING * sizeof(char) * 2)
   if (table == NULL || table[0] == '\0')
     return NULL;
-  tableFile = (char *) malloc (MAXSTRING * sizeof(char) * 2);
+  tableFile = (char *)malloc(MAX_TABLEFILE_SIZE);
   
   //
   // First try to resolve against base
@@ -5162,10 +5163,12 @@
   if (base)
     {
       int k;
+      if (strlen(base) >= MAX_TABLEFILE_SIZE) goto failure;
       strcpy (tableFile, base);
       k = (int)strlen (tableFile);
       while (k >= 0 && tableFile[k] != '/' && tableFile[k] != '\\') k--;
       tableFile[++k] = '\0';
+      if (strlen(tableFile) + strlen(table) >= MAX_TABLEFILE_SIZE) goto failure;
       strcat (tableFile, table);
       if (stat (tableFile, &info) == 0 && !(info.st_mode & S_IFDIR))
 	{
@@ -5178,6 +5181,7 @@
   // It could be an absolute path, or a path relative to the current working
   // directory
   //
+  if (strlen(table) >= MAX_TABLEFILE_SIZE) goto failure;
   strcpy (tableFile, table);
   if (stat (tableFile, &info) == 0 && !(info.st_mode & S_IFDIR))
 	{
@@ -5202,6 +5206,10 @@
 	  *cp = '\0';
 	  if (dir == cp)
 	    dir = ".";
+          if (strlen(dir) + strlen(table) + 1 >= MAX_TABLEFILE_SIZE) {
+                  free(searchPath_copy);
+                  goto failure;
+          }
 	  sprintf (tableFile, "%s%c%s", dir, DIR_SEP, table);
 	  if (stat (tableFile, &info) == 0 && !(info.st_mode & S_IFDIR)) 
 		{
@@ -5211,6 +5219,11 @@
 		}
 	  if (last)
 	    break;
+          if (strlen(dir) + strlen("liblouis") + strlen("tables") + strlen(table) + 3 >=
+                          MAX_TABLEFILE_SIZE) {
+                  free(searchPath_copy);
+                  goto failure;
+          }
 	  sprintf (tableFile, "%s%c%s%c%s%c%s", dir, DIR_SEP, "liblouis", DIR_SEP, "tables", DIR_SEP, table);
 	  if (stat (tableFile, &info) == 0 && !(info.st_mode & S_IFDIR)) 
 		{
@@ -5221,6 +5234,7 @@
 	  if (last)
 	    break;
 	}
+failure:
       free(searchPath_copy);
     }
   free (tableFile);

Places

File liblouis-CVE-2023-26769.patch of Package liblouis.28567

Places