Overview

File liblouis-CVE-2023-26767.patch of Package liblouis.28498

diff -Nura liblouis-2.6.4/liblouis/compileTranslationTable.c liblouis-2.6.4_new/liblouis/compileTranslationTable.c
--- liblouis-2.6.4/liblouis/compileTranslationTable.c	2023-03-30 21:20:00.153963081 +0800
+++ liblouis-2.6.4_new/liblouis/compileTranslationTable.c	2023-03-30 21:48:14.815254866 +0800
@@ -146,8 +146,7 @@
 lou_setDataPath (char *path)
 {
   dataPathPtr = NULL;
-  if (path == NULL)
-    return NULL;
+  if (path == NULL || strlen(path) >= MAXSTRING) return NULL;
   strcpy (dataPath, path);
   dataPathPtr = dataPath;
   return dataPathPtr;
diff -Nura liblouis-2.6.4/liblouis/liblouis.h.in liblouis-2.6.4_new/liblouis/liblouis.h.in
--- liblouis-2.6.4/liblouis/liblouis.h.in	2015-08-31 22:27:50.000000000 +0800
+++ liblouis-2.6.4_new/liblouis/liblouis.h.in	2023-03-30 21:53:08.992099650 +0800
@@ -144,6 +144,11 @@
 
   int EXPORT_CALL lou_compileString (const char *tableList, const char
 				     *inString);
+/**
+ * Set the path used for searching for tables and liblouisutdml files.
+ *
+ * Overrides the installation path. Returns NULL if `path` is NULL or
+ * if the length of `path` is equal or longer than `MAXSTRING`. */
   char *EXPORT_CALL lou_setDataPath (char *path);
   /* Set the path used for searching for tables and liblouisutdml files. 
    * Overrides the installation path. */
openSUSE Build Service is sponsored by
Places