path: root/liblouis-3.16.1-fix-CVE-2023-26768.patch

From 565ac66ec0c187ffb442226487de3db376702958 Mon Sep 17 00:00:00 2001
From: Marsman1996 <lqliuyuwei@outlook.com>
Date: Thu, 9 Feb 2023 18:56:21 +0800
Subject: [PATCH 1/2] Check filename before coping to initialLogFileName

---
 liblouis/logging.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/liblouis/logging.c b/liblouis/logging.c
index 9f470b45e5..7498deb758 100644
--- a/liblouis/logging.c
+++ b/liblouis/logging.c
@@ -126,7 +126,7 @@ lou_logFile(const char *fileName) {
 		fclose(logFile);
 		logFile = NULL;
 	}
-	if (fileName == NULL || fileName[0] == 0) return;
+	if (fileName == NULL || fileName[0] == 0 || strlen(fileName) >= 256) return;
 	if (initialLogFileName[0] == 0) strcpy(initialLogFileName, fileName);
 	logFile = fopen(fileName, "a");
 	if (logFile == NULL && initialLogFileName[0] != 0)

From 47822bb418fb77564c159469e3be79989b11aced Mon Sep 17 00:00:00 2001
From: Marsman1996 <lqliuyuwei@outlook.com>
Date: Thu, 9 Feb 2023 21:00:36 +0800
Subject: [PATCH 2/2] replace the magic number with a define

---
 liblouis/logging.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/liblouis/logging.c b/liblouis/logging.c
index 7498deb758..2849cf26d4 100644
--- a/liblouis/logging.c
+++ b/liblouis/logging.c
@@ -117,8 +117,10 @@ _lou_logMessage(logLevels level, const char *format, ...) {
 	}
 }
 
+#define FILENAMESIZE 256
+
 static FILE *logFile = NULL;
-static char initialLogFileName[256] = "";
+static char initialLogFileName[FILENAMESIZE] = "";
 
 void EXPORT_CALL
 lou_logFile(const char *fileName) {
@@ -126,7 +128,7 @@ lou_logFile(const char *fileName) {
 		fclose(logFile);
 		logFile = NULL;
 	}
-	if (fileName == NULL || fileName[0] == 0 || strlen(fileName) >= 256) return;
+	if (fileName == NULL || fileName[0] == 0 || strlen(fileName) >= FILENAMESIZE) return;
 	if (initialLogFileName[0] == 0) strcpy(initialLogFileName, fileName);
 	logFile = fopen(fileName, "a");
 	if (logFile == NULL && initialLogFileName[0] != 0)