blob: 8d37bdee5c39c62aea75167872e52e9ae6effa5e (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
|
From f432de31058b5a94874d47405216d07910c18a9a Mon Sep 17 00:00:00 2001
From: Christian Egli <christian.egli@sbs.ch>
Date: Wed, 8 Feb 2023 11:18:27 +0100
Subject: [PATCH] Check the length of path before copying into dataPath
See https://lwn.net/Articles/507319/ for more background on the
security problems of strcpy.
Fixes #1292
---
NEWS | 2 ++
liblouis/compileTranslationTable.c | 2 +-
liblouis/liblouis.h.in | 3 ++-
3 files changed, 5 insertions(+), 2 deletions(-)
diff --git a/liblouis/compileTranslationTable.c b/liblouis/compileTranslationTable.c
index cbc6ae1614..3c74929bcb 100644
--- a/liblouis/compileTranslationTable.c
+++ b/liblouis/compileTranslationTable.c
@@ -58,7 +58,7 @@ char *EXPORT_CALL
lou_setDataPath(const char *path) {
static char dataPath[MAXSTRING];
dataPathPtr = NULL;
- if (path == NULL) return NULL;
+ if (path == NULL || strlen(path) >= MAXSTRING) return NULL;
strcpy(dataPath, path);
dataPathPtr = dataPath;
return dataPathPtr;
diff --git a/liblouis/liblouis.h.in b/liblouis/liblouis.h.in
index 88d7996895..c51305f7ad 100644
--- a/liblouis/liblouis.h.in
+++ b/liblouis/liblouis.h.in
@@ -283,7 +283,8 @@ lou_getEmphClasses(const char *tableList);
/**
* Set the path used for searching for tables and liblouisutdml files.
*
- * Overrides the installation path. */
+ * Overrides the installation path. Returns NULL if `path` is NULL or
+ * if the length of `path` is equal or longer than `MAXSTRING`. */
LIBLOUIS_API
char *EXPORT_CALL
lou_setDataPath(const char *path);
|
