File liblouis-CVE-2023-26768.patch of Package liblouis
diff -Nura liblouis-3.20.0/liblouis/logging.c liblouis-3.20.0_new/liblouis/logging.c
--- liblouis-3.20.0/liblouis/logging.c 2021-03-17 22:07:59.000000000 +0800
+++ liblouis-3.20.0_new/liblouis/logging.c 2023-04-06 12:22:37.684314939 +0800
@@ -116,9 +116,10 @@
}
}
}
+#define FILENAMESIZE 256
static FILE *logFile = NULL;
-static char initialLogFileName[256] = "";
+static char initialLogFileName[FILENAMESIZE] = "";
void EXPORT_CALL
lou_logFile(const char *fileName) {
@@ -126,7 +127,7 @@
fclose(logFile);
logFile = NULL;
}
- if (fileName == NULL || fileName[0] == 0) return;
+ if (fileName == NULL || fileName[0] == 0 || strlen(fileName) >= FILENAMESIZE) return;
if (initialLogFileName[0] == 0) strcpy(initialLogFileName, fileName);
logFile = fopen(fileName, "a");
if (logFile == NULL && initialLogFileName[0] != 0)