Overview

File liblouis-CVE-2023-26767.patch of Package liblouis.28567

diff -Nura liblouis-3.3.0/liblouis/compileTranslationTable.c liblouis-3.3.0_new/liblouis/compileTranslationTable.c
--- liblouis-3.3.0/liblouis/compileTranslationTable.c	2023-03-30 16:34:51.573810355 +0800
+++ liblouis-3.3.0_new/liblouis/compileTranslationTable.c	2023-03-30 16:49:47.813962233 +0800
@@ -60,8 +60,7 @@
 {
   static char dataPath[MAXSTRING];
   dataPathPtr = NULL;
-  if (path == NULL)
-    return NULL;
+  if (path == NULL || strlen(path) >= MAXSTRING) return NULL;
   strcpy (dataPath, path);
   dataPathPtr = dataPath;
   return dataPathPtr;
diff -Nura liblouis-3.3.0/liblouis/liblouis.h.in liblouis-3.3.0_new/liblouis/liblouis.h.in
--- liblouis-3.3.0/liblouis/liblouis.h.in	2017-09-04 22:40:14.000000000 +0800
+++ liblouis-3.3.0_new/liblouis/liblouis.h.in	2023-03-30 16:51:03.837762301 +0800
@@ -259,7 +259,8 @@
 /**
  * Set the path used for searching for tables and liblouisutdml files.
  *
- * Overrides the installation path. */
+ * Overrides the installation path. Returns NULL if `path` is NULL or
+ * if the length of `path` is equal or longer than `MAXSTRING`. */
 LIBLOUIS_API
 char *EXPORT_CALL lou_setDataPath(const char *path);
openSUSE Build Service is sponsored by
Places