File CVE-2018-11683.patch of Package liblouis.8491

From e7eee2b7926668360a0d8e2abee6c35a00ebce3c Mon Sep 17 00:00:00 2001
From: Christian Egli <christian.egli@sbs.ch>
Date: Mon, 4 Jun 2018 12:02:13 +0200
Subject: [PATCH] Fix yet another buffer overflow in the braille table parser

Reported by Henri Salo

Fixes #591

Backported by Mike Gorse <mgorse@suse.com>
---
diff -urp liblouis-2.6.4.orig/liblouis/compileTranslationTable.c liblouis-2.6.4/liblouis/compileTranslationTable.c
--- liblouis-2.6.4.orig/liblouis/compileTranslationTable.c	2018-08-08 16:24:18.524561492 -0500
+++ liblouis-2.6.4/liblouis/compileTranslationTable.c	2018-08-08 16:27:12.765835692 -0500
@@ -1548,14 +1548,14 @@ parseChars (FileInfo * nested, CharsStri
 	    }
 	  utf32 = (utf32 << 6) + (token->chars[in++] & 0x3f);
 	}
-      if (CHARSIZE == 2 && utf32 > 0xffff)
-	utf32 = 0xffff;
-      result->chars[out++] = (widechar) utf32;
       if (out >= MAXSTRING)
 	{
 	  result->length = lastOutSize;
 	  return 1;
 	}
+      if (CHARSIZE == 2 && utf32 > 0xffff)
+	utf32 = 0xffff;
+      result->chars[out++] = (widechar) utf32;
     }
   result->length = out;
   return 1;
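Review bot: The truncation path under `if (out >= MAXSTRING)` still returns 1, the same value as a fully parsed string, so an over-long table entry is silently cut to `lastOutSize` characters and the caller cannot tell it apart from a clean parse. If the file's diagnostic helper is in scope here, a line such as `compileWarning (nested, "string too long, truncated");` before that `return 1;` would surface malformed or hostile tables during compilation. It would also help to record why the order matters with a comment above the check, for example `/* bounds check must precede the store: out may equal MAXSTRING here */`. The body of parseChars starts and ends outside this hunk, and `lastOutSize` is assigned outside it, so whether it always reflects a complete character boundary should be confirmed against the full function.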
Only in liblouis-2.6.4.orig/liblouis: compileTranslationTable.c.orig
diff -urp liblouis-2.6.4.orig/tools/lou_translate.c liblouis-2.6.4/tools/lou_translate.c
--- liblouis-2.6.4.orig/tools/lou_translate.c	2015-08-31 09:27:50.000000000 -0500
+++ liblouis-2.6.4/tools/lou_translate.c	2018-08-08 16:28:06.626227516 -0500
@@ -32,8 +32,6 @@
 #include "progname.h"
 #include "version-etc.h"
 
-#define BUFSIZE MAXSTRING - 4
-
 static int forward_flag = 0;
 static int backward_flag = 0;
 
@@ -54,10 +52,10 @@ const char version_etc_copyright[] =
 static void 
 translate_input (int forward_translation, char *table_name)
 {
-  char charbuf[BUFSIZE];
+  char charbuf[MAXSTRING];
   char *outputbuf;
-  widechar inbuf[BUFSIZE];
-  widechar transbuf[BUFSIZE];
+  widechar inbuf[MAXSTRING];
+  widechar transbuf[MAXSTRING];
   int inlen;
   int translen;
   int k;
@@ -65,9 +63,9 @@ translate_input (int forward_translation
   int result;
   while (1)
     {
-      translen = BUFSIZE;
+      translen = MAXSTRING;
       k = 0;
-      while ((ch = getchar ()) != '\n' && ch != EOF && k < BUFSIZE)
+      while ((ch = getchar ()) != '\n' && ch != EOF && k < MAXSTRING)
 	charbuf[k++] = ch;
       if (ch == EOF && k == 0)
 	break;
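Review bot: The new loop bound `k < MAXSTRING` lets `k` reach `MAXSTRING`, so the read loop can fill every element of `charbuf[MAXSTRING]` (declared in the previous hunk) and leave no slot for a terminator. The statements after `break;` are outside this hunk; if they NUL-terminate with `charbuf[k]` before handing the buffer to the parser, that store lands one byte past the array whenever an input line has MAXSTRING or more bytes. Bounding the loop as `while ((ch = getchar ()) != '\n' && ch != EOF && k < MAXSTRING - 1)` keeps the terminator in range. A line longer than the buffer is also split silently, with the remainder treated as the next line, which deserves a short comment at the loop.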