Overview

File liblouis-CVE-2023-26769.patch of Package liblouis.28479

diff -Nura liblouis-3.11.0/liblouis/compileTranslationTable.c liblouis-3.11.0_new/liblouis/compileTranslationTable.c
--- liblouis-3.11.0/liblouis/compileTranslationTable.c	2023-04-02 19:29:38.218146989 +0800
+++ liblouis-3.11.0_new/liblouis/compileTranslationTable.c	2023-04-02 20:18:13.767616894 +0800
@@ -3912,18 +3912,21 @@
 	char *tableFile;
 	static struct stat info;
 
+#define MAX_TABLEFILE_SIZE (MAXSTRING * sizeof(char) * 2)
 	if (table == NULL || table[0] == '\0') return NULL;
-	tableFile = (char *)malloc(MAXSTRING * sizeof(char) * 2);
+	tableFile = (char *)malloc(MAX_TABLEFILE_SIZE);
 
 	//
 	// First try to resolve against base
 	//
 	if (base) {
 		int k;
+                if (strlen(base) >= MAX_TABLEFILE_SIZE) goto failure;
 		strcpy(tableFile, base);
 		k = (int)strlen(tableFile);
 		while (k >= 0 && tableFile[k] != '/' && tableFile[k] != '\\') k--;
 		tableFile[++k] = '\0';
+                if (strlen(tableFile) + strlen(table) >= MAX_TABLEFILE_SIZE) goto failure;
 		strcat(tableFile, table);
 		if (stat(tableFile, &info) == 0 && !(info.st_mode & S_IFDIR)) {
 			_lou_logMessage(LOU_LOG_DEBUG, "found table %s", tableFile);
@@ -3935,6 +3938,7 @@
 	// It could be an absolute path, or a path relative to the current working
 	// directory
 	//
+        if (strlen(table) >= MAX_TABLEFILE_SIZE) goto failure;
 	strcpy(tableFile, table);
 	if (stat(tableFile, &info) == 0 && !(info.st_mode & S_IFDIR)) {
 		_lou_logMessage(LOU_LOG_DEBUG, "found table %s", tableFile);
@@ -3955,6 +3959,10 @@
 			last = (*cp == '\0');
 			*cp = '\0';
 			if (dir == cp) dir = ".";
+                        if (strlen(dir) + strlen(table) + 1 >= MAX_TABLEFILE_SIZE) {
+				free(searchPath_copy);
+				goto failure;
+			}
 			sprintf(tableFile, "%s%c%s", dir, DIR_SEP, table);
 			if (stat(tableFile, &info) == 0 && !(info.st_mode & S_IFDIR)) {
 				_lou_logMessage(LOU_LOG_DEBUG, "found table %s", tableFile);
@@ -3962,6 +3970,11 @@
 				return tableFile;
 			}
 			if (last) break;
+			if (strlen(dir) + strlen("liblouis") + strlen("tables") + strlen(table) + 3 >=
+					MAX_TABLEFILE_SIZE) {
+				free(searchPath_copy);
+				goto failure;
+			}
 			sprintf(tableFile, "%s%c%s%c%s%c%s", dir, DIR_SEP, "liblouis", DIR_SEP,
 					"tables", DIR_SEP, table);
 			if (stat(tableFile, &info) == 0 && !(info.st_mode & S_IFDIR)) {
@@ -3973,6 +3986,7 @@
 		}
 		free(searchPath_copy);
 	}
+failure:
 	free(tableFile);
 	return NULL;
 }
openSUSE Build Service is sponsored by
Places