Overview

File liblouis-CVE-2023-26767.patch of Package liblouis.28479

diff -Nura liblouis-3.11.0/liblouis/compileTranslationTable.c liblouis-3.11.0_new/liblouis/compileTranslationTable.c
--- liblouis-3.11.0/liblouis/compileTranslationTable.c	2023-03-30 15:51:40.345917442 +0800
+++ liblouis-3.11.0_new/liblouis/compileTranslationTable.c	2023-03-30 16:01:18.459972688 +0800
@@ -58,7 +58,7 @@
 lou_setDataPath(const char *path) {
 	static char dataPath[MAXSTRING];
 	dataPathPtr = NULL;
-	if (path == NULL) return NULL;
+        if (path == NULL || strlen(path) >= MAXSTRING) return NULL;
 	strcpy(dataPath, path);
 	dataPathPtr = dataPath;
 	return dataPathPtr;
diff -Nura liblouis-3.11.0/liblouis/liblouis.h.in liblouis-3.11.0_new/liblouis/liblouis.h.in
--- liblouis-3.11.0/liblouis/liblouis.h.in	2019-08-28 17:08:44.000000000 +0800
+++ liblouis-3.11.0_new/liblouis/liblouis.h.in	2023-03-30 16:01:58.091517773 +0800
@@ -283,7 +283,8 @@
 /**
  * Set the path used for searching for tables and liblouisutdml files.
  *
- * Overrides the installation path. */
+ * Overrides the installation path. Returns NULL if `path` is NULL or
+ * if the length of `path` is equal or longer than `MAXSTRING`. */
 LIBLOUIS_API
 char *EXPORT_CALL
 lou_setDataPath(const char *path);
openSUSE Build Service is sponsored by
Places