Overview

File liblouis-CVE-2023-26768.patch of Package liblouis

diff -Nura liblouis-3.20.0/liblouis/logging.c liblouis-3.20.0_new/liblouis/logging.c
--- liblouis-3.20.0/liblouis/logging.c	2021-03-17 22:07:59.000000000 +0800
+++ liblouis-3.20.0_new/liblouis/logging.c	2023-04-06 12:22:37.684314939 +0800
@@ -116,9 +116,10 @@
 		}
 	}
 }
+#define FILENAMESIZE 256
 
 static FILE *logFile = NULL;
-static char initialLogFileName[256] = "";
+static char initialLogFileName[FILENAMESIZE] = "";
 
 void EXPORT_CALL
 lou_logFile(const char *fileName) {
@@ -126,7 +127,7 @@
 		fclose(logFile);
 		logFile = NULL;
 	}
-	if (fileName == NULL || fileName[0] == 0) return;
+        if (fileName == NULL || fileName[0] == 0 || strlen(fileName) >= FILENAMESIZE) return;
 	if (initialLogFileName[0] == 0) strcpy(initialLogFileName, fileName);
 	logFile = fopen(fileName, "a");
 	if (logFile == NULL && initialLogFileName[0] != 0)
openSUSE Build Service is sponsored by
Places