Overview

File liblouis-CVE-2023-26767.patch of Package liblouis.33555

diff -Nura liblouis-3.20.0/liblouis/compileTranslationTable.c liblouis-3.20.0_new/liblouis/compileTranslationTable.c
--- liblouis-3.20.0/liblouis/compileTranslationTable.c	2023-03-30 05:34:40.036262220 +0800
+++ liblouis-3.20.0_new/liblouis/compileTranslationTable.c	2023-03-30 05:47:07.130908866 +0800
@@ -58,7 +58,7 @@
 lou_setDataPath(const char *path) {
 	static char dataPath[MAXSTRING];
 	dataPathPtr = NULL;
-	if (path == NULL) return NULL;
+        if (path == NULL || strlen(path) >= MAXSTRING) return NULL;
 	strcpy(dataPath, path);
 	dataPathPtr = dataPath;
 	return dataPathPtr;
diff -Nura liblouis-3.20.0/liblouis/liblouis.h.in liblouis-3.20.0_new/liblouis/liblouis.h.in
--- liblouis-3.20.0/liblouis/liblouis.h.in	2021-03-17 22:07:59.000000000 +0800
+++ liblouis-3.20.0_new/liblouis/liblouis.h.in	2023-03-30 05:47:56.987420272 +0800
@@ -283,7 +283,8 @@
 /**
  * Set the path used for searching for tables and liblouisutdml files.
  *
- * Overrides the installation path. */
+ * Overrides the installation path. Returns NULL if `path` is NULL or
+ * if the length of `path` is equal or longer than `MAXSTRING`. */
 LIBLOUIS_API
 char *EXPORT_CALL
 lou_setDataPath(const char *path);
openSUSE Build Service is sponsored by
Places