Overview

File liblouis-CVE-2023-26769.patch of Package liblouis.28498

diff -Nura liblouis-2.6.4/liblouis/compileTranslationTable.c liblouis-2.6.4_new/liblouis/compileTranslationTable.c
--- liblouis-2.6.4/liblouis/compileTranslationTable.c	2023-04-02 22:26:44.259285917 +0800
+++ liblouis-2.6.4_new/liblouis/compileTranslationTable.c	2023-04-02 23:04:54.926640037 +0800
@@ -4609,9 +4609,10 @@
   char *tableFile;
   static struct stat info;
   
+#define MAX_TABLEFILE_SIZE (MAXSTRING * sizeof(char) * 2)
   if (table == NULL || table[0] == '\0')
     return NULL;
-  tableFile = (char *) malloc (MAXSTRING * sizeof(char) * 2);
+  tableFile = (char *)malloc(MAX_TABLEFILE_SIZE);
   
   //
   // First try to resolve against base
@@ -4619,10 +4620,12 @@
   if (base)
     {
       int k;
+      if (strlen(base) >= MAX_TABLEFILE_SIZE) goto failure;
       strcpy (tableFile, base);
       for (k = strlen (tableFile); k >= 0 && tableFile[k] != DIR_SEP; k--)
 	;
       tableFile[++k] = '\0';
+      if (strlen(tableFile) + strlen(table) >= MAX_TABLEFILE_SIZE) goto failure;
       strcat (tableFile, table);
       if (stat (tableFile, &info) == 0 && !(info.st_mode & S_IFDIR))
 	return tableFile;
@@ -4632,6 +4635,7 @@
   // It could be an absolute path, or a path relative to the current working
   // directory
   //
+  if (strlen(table) >= MAX_TABLEFILE_SIZE) goto failure;
   strcpy (tableFile, table);
   if (stat (tableFile, &info) == 0 && !(info.st_mode & S_IFDIR))
     return tableFile;
@@ -4653,6 +4657,10 @@
 	  *cp = '\0';
 	  if (dir == cp)
 	    dir = ".";
+          if (strlen(dir) + strlen(table) + 1 >= MAX_TABLEFILE_SIZE) {
+                  free(searchPath_copy);
+                  goto failure;
+          }
 	  sprintf (tableFile, "%s%c%s", dir, DIR_SEP, table);
 	  if (stat (tableFile, &info) == 0 && !(info.st_mode & S_IFDIR)) 
 	    {
@@ -4661,9 +4669,22 @@
 	    }
 	  if (last)
 	    break;
+          if (strlen(dir) + strlen("liblouis") + strlen("tables") + strlen(table) + 3 >=
+                          MAX_TABLEFILE_SIZE) {
+                  free(searchPath_copy);
+                  goto failure;
+          }
+          sprintf(tableFile, "%s%c%s%c%s%c%s", dir, DIR_SEP, "liblouis", DIR_SEP,
+                          "tables", DIR_SEP, table);
+          if (stat(tableFile, &info) == 0 && !(info.st_mode & S_IFDIR)) {
+                  free(searchPath_copy);
+                  return tableFile;
+          }
+          if (last) break;  
 	}
       free(searchPath_copy);
     }
+failure:
   free (tableFile);
   return NULL;
 }
openSUSE Build Service is sponsored by
Places