File liblouis-CVE-2023-26769.patch of Package liblouis.33555

Overview Repositories Revisions Requests Users Attributes Meta

File liblouis-CVE-2023-26769.patch of Package liblouis.33555

diff -Nura liblouis-3.20.0/liblouis/compileTranslationTable.c liblouis-3.20.0_new/liblouis/compileTranslationTable.c
--- liblouis-3.20.0/liblouis/compileTranslationTable.c	2023-03-31 21:54:48.286282569 +0800
+++ liblouis-3.20.0_new/liblouis/compileTranslationTable.c	2023-03-31 22:06:30.693451705 +0800
@@ -4511,18 +4511,21 @@
 	char *tableFile;
 	static struct stat info;
 
+#define MAX_TABLEFILE_SIZE (MAXSTRING * sizeof(char) * 2)
 	if (table == NULL || table[0] == '\0') return NULL;
-	tableFile = (char *)malloc(MAXSTRING * sizeof(char) * 2);
+        tableFile = (char *)malloc(MAX_TABLEFILE_SIZE);
 
 	//
 	// First try to resolve against base
 	//
 	if (base) {
 		int k;
+                if (strlen(base) >= MAX_TABLEFILE_SIZE) goto failure;
 		strcpy(tableFile, base);
 		k = (int)strlen(tableFile);
 		while (k >= 0 && tableFile[k] != '/' && tableFile[k] != '\\') k--;
 		tableFile[++k] = '\0';
+                if (strlen(tableFile) + strlen(table) >= MAX_TABLEFILE_SIZE) goto failure;
 		strcat(tableFile, table);
 		if (stat(tableFile, &info) == 0 && !(info.st_mode & S_IFDIR)) {
 			_lou_logMessage(LOU_LOG_DEBUG, "found table %s", tableFile);
@@ -4534,6 +4537,7 @@
 	// It could be an absolute path, or a path relative to the current working
 	// directory
 	//
+        if (strlen(table) >= MAX_TABLEFILE_SIZE) goto failure;
 	strcpy(tableFile, table);
 	if (stat(tableFile, &info) == 0 && !(info.st_mode & S_IFDIR)) {
 		_lou_logMessage(LOU_LOG_DEBUG, "found table %s", tableFile);
@@ -4554,6 +4558,10 @@
 			last = (*cp == '\0');
 			*cp = '\0';
 			if (dir == cp) dir = ".";
+			if (strlen(dir) + strlen(table) + 1 >= MAX_TABLEFILE_SIZE) {
+				free(searchPath_copy);
+				goto failure;
+			}
 			sprintf(tableFile, "%s%c%s", dir, DIR_SEP, table);
 			if (stat(tableFile, &info) == 0 && !(info.st_mode & S_IFDIR)) {
 				_lou_logMessage(LOU_LOG_DEBUG, "found table %s", tableFile);
@@ -4561,6 +4569,11 @@
 				return tableFile;
 			}
 			if (last) break;
+                        if (strlen(dir) + strlen("liblouis") + strlen("tables") + strlen(table) + 3 >=
+					MAX_TABLEFILE_SIZE) {
+				free(searchPath_copy);
+				goto failure;
+			}
 			sprintf(tableFile, "%s%c%s%c%s%c%s", dir, DIR_SEP, "liblouis", DIR_SEP,
 					"tables", DIR_SEP, table);
 			if (stat(tableFile, &info) == 0 && !(info.st_mode & S_IFDIR)) {
@@ -4572,6 +4585,7 @@
 		}
 		free(searchPath_copy);
 	}
+failure:
 	free(tableFile);
 	return NULL;
 }

Places

File liblouis-CVE-2023-26769.patch of Package liblouis.33555

Places