Overview

File CVE-2018-11684.patch of Package liblouis.24590

From fb2bfce4ed49ac4656a8f7e5b5526e4838da1dde Mon Sep 17 00:00:00 2001
From: Christian Egli <christian.egli@sbs.ch>
Date: Mon, 4 Jun 2018 14:11:50 +0200
Subject: [PATCH] Fix yet another buffer overflow in the braille table parser

Reported by Henri Salo

Fixes #592

Rebased by Mike Gorse <mgorse@suse.com>
---
diff -urp liblouis-3.3.0.orig/liblouis/compileTranslationTable.c liblouis-3.3.0/liblouis/compileTranslationTable.c
--- liblouis-3.3.0.orig/liblouis/compileTranslationTable.c	2018-08-08 10:36:16.356791029 -0500
+++ liblouis-3.3.0/liblouis/compileTranslationTable.c	2018-08-08 11:02:12.561892590 -0500
@@ -5295,6 +5295,10 @@ includeFile (FileInfo * nested, CharsStr
   int rv;
   for (k = 0; k < includedFile->length; k++)
     includeThis[k] = (char) includedFile->chars[k];
+	if (k >= MAXSTRING) {
+		compileError(nested, "Include statement too long: 'include %s'", includeThis);
+		return 0;
+	}
   includeThis[k] = 0;
   tableFiles = _lou_resolveTable (includeThis, nested->fileName);
   if (tableFiles == NULL)
@@ -5304,9 +5308,10 @@ includeFile (FileInfo * nested, CharsStr
     }
   if (tableFiles[1] != NULL)
     {
-      errorCount++;
       free_tablefiles(tableFiles);
-      _lou_logMessage (LOG_ERROR, "Table list not supported in include statement: 'include %s'", includeThis);
+		compileError(nested,
+ 				"Table list not supported in include statement: 'include %s'",
+ 				includeThis);
       return 0;
     }
   rv = compileFile (*tableFiles, characterClasses, characterClassAttribute, opcodeLengths, newRuleOffset, newRule, ruleNames);
openSUSE Build Service is sponsored by
Places