File liblouis-CVE-2023-26768.patch of Package liblouis.28567

diff -Nura liblouis-3.3.0/liblouis/logging.c liblouis-3.3.0_new/liblouis/logging.c
--- liblouis-3.3.0/liblouis/logging.c	2017-09-04 22:40:14.000000000 +0800
+++ liblouis-3.3.0_new/liblouis/logging.c	2023-04-06 21:35:50.452703213 +0800
@@ -124,9 +124,10 @@
     }
 }
 
+#define FILENAMESIZE 256
 
 static FILE *logFile = NULL;
-static char initialLogFileName[256] = "";
+static char initialLogFileName[FILENAMESIZE] = "";
 
 void EXPORT_CALL
 lou_logFile (const char *fileName)
@@ -136,8 +137,7 @@
 		fclose(logFile);
 		logFile = NULL;
 	}
-  if (fileName == NULL || fileName[0] == 0)
-    return;
+  if (fileName == NULL || fileName[0] == 0 || strlen(fileName) >= FILENAMESIZE) return;
   if (initialLogFileName[0] == 0)
     strcpy (initialLogFileName, fileName);
   logFile = fopen (fileName, "a");

Places

File liblouis-CVE-2023-26768.patch of Package liblouis.28567

Places