File liblouis-CVE-2023-26767.patch of Package liblouis.28479
diff -Nura liblouis-3.11.0/liblouis/compileTranslationTable.c liblouis-3.11.0_new/liblouis/compileTranslationTable.c
--- liblouis-3.11.0/liblouis/compileTranslationTable.c 2023-03-30 15:51:40.345917442 +0800
+++ liblouis-3.11.0_new/liblouis/compileTranslationTable.c 2023-03-30 16:01:18.459972688 +0800
@@ -58,7 +58,7 @@
lou_setDataPath(const char *path) {
static char dataPath[MAXSTRING];
dataPathPtr = NULL;
- if (path == NULL) return NULL;
+ if (path == NULL || strlen(path) >= MAXSTRING) return NULL;
strcpy(dataPath, path);
dataPathPtr = dataPath;
return dataPathPtr;
diff -Nura liblouis-3.11.0/liblouis/liblouis.h.in liblouis-3.11.0_new/liblouis/liblouis.h.in
--- liblouis-3.11.0/liblouis/liblouis.h.in 2019-08-28 17:08:44.000000000 +0800
+++ liblouis-3.11.0_new/liblouis/liblouis.h.in 2023-03-30 16:01:58.091517773 +0800
@@ -283,7 +283,8 @@
/**
* Set the path used for searching for tables and liblouisutdml files.
*
- * Overrides the installation path. */
+ * Overrides the installation path. Returns NULL if `path` is NULL or
+ * if the length of `path` is equal or longer than `MAXSTRING`. */
LIBLOUIS_API
char *EXPORT_CALL
lou_setDataPath(const char *path);