Diffstat (limited to 'liblouis-3.16.1-fix-CVE-2023-26768.patch')
-rw-r--r--liblouis-3.16.1-fix-CVE-2023-26768.patch57
1 files changed, 57 insertions, 0 deletions
diff --git a/liblouis-3.16.1-fix-CVE-2023-26768.patch b/liblouis-3.16.1-fix-CVE-2023-26768.patch
new file mode 100644
index 0000000..ec6cb9d
--- /dev/null
+++ b/liblouis-3.16.1-fix-CVE-2023-26768.patch
@@ -0,0 +1,57 @@
+From 565ac66ec0c187ffb442226487de3db376702958 Mon Sep 17 00:00:00 2001
+From: Marsman1996 <lqliuyuwei@outlook.com>
+Date: Thu, 9 Feb 2023 18:56:21 +0800
+Subject: [PATCH 1/2] Check filename before coping to initialLogFileName
+
+---
+ liblouis/logging.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/liblouis/logging.c b/liblouis/logging.c
+index 9f470b45e5..7498deb758 100644
+--- a/liblouis/logging.c
++++ b/liblouis/logging.c
+@@ -126,7 +126,7 @@ lou_logFile(const char *fileName) {
+ fclose(logFile);
+ logFile = NULL;
+ }
+- if (fileName == NULL || fileName[0] == 0) return;
++ if (fileName == NULL || fileName[0] == 0 || strlen(fileName) >= 256) return;
+ if (initialLogFileName[0] == 0) strcpy(initialLogFileName, fileName);
+ logFile = fopen(fileName, "a");
+ if (logFile == NULL && initialLogFileName[0] != 0)
+
+From 47822bb418fb77564c159469e3be79989b11aced Mon Sep 17 00:00:00 2001
+From: Marsman1996 <lqliuyuwei@outlook.com>
+Date: Thu, 9 Feb 2023 21:00:36 +0800
+Subject: [PATCH 2/2] replace the magic number with a define
+
+---
+ liblouis/logging.c | 6 ++++--
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+
+diff --git a/liblouis/logging.c b/liblouis/logging.c
+index 7498deb758..2849cf26d4 100644
+--- a/liblouis/logging.c
++++ b/liblouis/logging.c
+@@ -117,8 +117,10 @@ _lou_logMessage(logLevels level, const char *format, ...) {
+ }
+ }
+
++#define FILENAMESIZE 256
++
+ static FILE *logFile = NULL;
+-static char initialLogFileName[256] = "";
++static char initialLogFileName[FILENAMESIZE] = "";
+
+ void EXPORT_CALL
+ lou_logFile(const char *fileName) {
+@@ -126,7 +128,7 @@ lou_logFile(const char *fileName) {
+ fclose(logFile);
+ logFile = NULL;
+ }
+- if (fileName == NULL || fileName[0] == 0 || strlen(fileName) >= 256) return;
++ if (fileName == NULL || fileName[0] == 0 || strlen(fileName) >= FILENAMESIZE) return;
+ if (initialLogFileName[0] == 0) strcpy(initialLogFileName, fileName);
+ logFile = fopen(fileName, "a");
+ if (logFile == NULL && initialLogFileName[0] != 0)
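Review bot: The length guard added to lou_logFile (final form in PATCH 2/2) returns silently, and it sits after the context lines that already `fclose(logFile)` and set `logFile = NULL`, so a call with a name of FILENAMESIZE bytes or more discards the current log file and reports nothing to the caller. It also rejects long names when `initialLogFileName` is already set and no copy would happen, which is stricter than the overflow fix needs. I would scope the check to the copy and derive the bound from the buffer itself so the two cannot drift apart, e.g. `if (initialLogFileName[0] == 0 && strlen(fileName) < sizeof(initialLogFileName)) strcpy(initialLogFileName, fileName);`, or at least add a comment on the early return stating that over-long names are dropped on purpose. The body of lou_logFile starts and ends outside the quoted hunks, so how a NULL `logFile` is handled afterwards should be confirmed against the full file.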