path: root/liblouis-3.16.1-fix-CVE-2023-26769.patch
From d45430431f8c75941f863328eb3f7fc09f902b2e Mon Sep 17 00:00:00 2001
From: Marsman1996 <lqliuyuwei@outlook.com>
Date: Wed, 8 Feb 2023 22:10:01 +0800
Subject: [PATCH 1/3] Check the path length before coping into tableFile

---
 liblouis/compileTranslationTable.c | 16 +++++++++++++++-
 1 file changed, 15 insertions(+), 1 deletion(-)

diff --git a/liblouis/compileTranslationTable.c b/liblouis/compileTranslationTable.c
index 3c74929bcb..2da766e169 100644
--- a/liblouis/compileTranslationTable.c
+++ b/liblouis/compileTranslationTable.c
@@ -4539,7 +4539,9 @@ resolveSubtable(const char *table, const char *base, const char *searchPath) {
 	char *tableFile;
 	static struct stat info;
 
-	if (table == NULL || table[0] == '\0') return NULL;
+	if (table == NULL || table[0] == '\0' ||
+			strlen(table) >= MAXSTRING * sizeof(char) * 2)
+		return NULL;
 	tableFile = (char *)malloc(MAXSTRING * sizeof(char) * 2);
 
 	//
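Review bot: The result of `malloc` on the context line above is never compared with NULL, yet the first uses of `tableFile` further down are `strcpy` and `sprintf` writes. The new length checks bound how much is written but not whether the buffer exists, so an allocation failure still leads to a write through a null pointer. Adding `if (tableFile == NULL) return NULL;` directly after the allocation would close that gap. The later patches in this series keep the same unchecked allocation, and the body of resolveSubtable continues outside this hunk.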
@@ -4547,10 +4549,13 @@ resolveSubtable(const char *table, const char *base, const char *searchPath) {
 	//
 	if (base) {
 		int k;
+		if (strlen(base) >= MAXSTRING * sizeof(char) * 2) goto failure;
 		strcpy(tableFile, base);
 		k = (int)strlen(tableFile);
 		while (k >= 0 && tableFile[k] != '/' && tableFile[k] != '\\') k--;
 		tableFile[++k] = '\0';
+		if (strlen(tableFile) + strlen(table) >= MAXSTRING * sizeof(char) * 2)
+			goto failure;
 		strcat(tableFile, table);
 		if (stat(tableFile, &info) == 0 && !(info.st_mode & S_IFDIR)) {
 			_lou_logMessage(LOU_LOG_DEBUG, "found table %s", tableFile);
@@ -4582,6 +4587,10 @@ resolveSubtable(const char *table, const char *base, const char *searchPath) {
 			last = (*cp == '\0');
 			*cp = '\0';
 			if (dir == cp) dir = ".";
+			if (strlen(dir) + strlen(table) + 1 >= MAXSTRING * sizeof(char) * 2) {
+				free(searchPath_copy);
+				goto failure;
+			}
 			sprintf(tableFile, "%s%c%s", dir, DIR_SEP, table);
 			if (stat(tableFile, &info) == 0 && !(info.st_mode & S_IFDIR)) {
 				_lou_logMessage(LOU_LOG_DEBUG, "found table %s", tableFile);
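Review bot: The guard added before `sprintf(tableFile, "%s%c%s", dir, DIR_SEP, table)` restates the format string's output length by hand, so the bound and the write can drift apart when either is edited. Passing the buffer size to the formatter ties them together: `n = snprintf(tableFile, MAXSTRING * 2, "%s%c%s", dir, DIR_SEP, table);` followed by `if (n < 0 || (size_t)n >= MAXSTRING * 2)` taking the same failure path. The same applies to the second `sprintf` in the next hunk and to the `strcpy`/`strcat` pair in the base branch. The loop these lines belong to starts outside the hunk.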
@@ -4589,6 +4598,10 @@ resolveSubtable(const char *table, const char *base, const char *searchPath) {
 				return tableFile;
 			}
 			if (last) break;
+			if (strlen(dir) + strlen(table) + 16 >= MAXSTRING * sizeof(char) * 2) {
+				free(searchPath_copy);
+				goto failure;
+			}
 			sprintf(tableFile, "%s%c%s%c%s%c%s", dir, DIR_SEP, "liblouis", DIR_SEP,
 					"tables", DIR_SEP, table);
 			if (stat(tableFile, &info) == 0 && !(info.st_mode & S_IFDIR)) {
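Review bot: The constant `16` in the added guard undercounts the fixed part of the path by one: `"liblouis"` (8) plus `"tables"` (6) plus three `DIR_SEP` characters is 17. With this commit alone, a `dir`/`table` pair whose lengths sum to exactly the buffer size minus 17 passes the check, and `sprintf` then writes the terminating NUL one byte past the end of `tableFile`. The second patch in this series replaces the constant with `strlen("liblouis") + strlen("tables") + ... + 3`, which gives the correct 17. Anyone backporting should therefore take all three patches together, not this one alone.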
@@ -4600,6 +4613,7 @@ resolveSubtable(const char *table, const char *base, const char *searchPath) {
 		}
 		free(searchPath_copy);
 	}
+failure:
 	free(tableFile);
 	return NULL;
 }
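Review bot: Every new `goto failure` returns NULL without logging anything, so a caller cannot tell a path rejected for length from a table that simply was not found. The `failure:` label sits on the ordinary not-found exit as well, so the message belongs at the length checks rather than at the label, for example `_lou_logMessage(LOU_LOG_ERROR, "Table path too long");` before each `goto failure`. An over-long table or search path is unusual input, and a log line makes it visible to whoever investigates it. The body of resolveSubtable starts outside this hunk.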

From 6f39e88745e8ec602ccc46042c305a6188f28b0a Mon Sep 17 00:00:00 2001
From: Marsman1996 <lqliuyuwei@outlook.com>
Date: Wed, 8 Feb 2023 22:40:52 +0800
Subject: [PATCH 2/3] fix format: 1. define MAX_TABLEFILE_SIZE 2. parse the
 magic number

---
 liblouis/compileTranslationTable.c | 18 +++++++++---------
 1 file changed, 9 insertions(+), 9 deletions(-)

diff --git a/liblouis/compileTranslationTable.c b/liblouis/compileTranslationTable.c
index 2da766e169..f334a38371 100644
--- a/liblouis/compileTranslationTable.c
+++ b/liblouis/compileTranslationTable.c
@@ -4539,23 +4539,21 @@ resolveSubtable(const char *table, const char *base, const char *searchPath) {
 	char *tableFile;
 	static struct stat info;
 
-	if (table == NULL || table[0] == '\0' ||
-			strlen(table) >= MAXSTRING * sizeof(char) * 2)
-		return NULL;
-	tableFile = (char *)malloc(MAXSTRING * sizeof(char) * 2);
+#define MAX_TABLEFILE_SIZE MAXSTRING * sizeof(char) * 2
+	if (table == NULL || table[0] == '\0') return NULL;
+	tableFile = (char *)malloc(MAX_TABLEFILE_SIZE);
 
 	//
 	// First try to resolve against base
 	//
 	if (base) {
 		int k;
-		if (strlen(base) >= MAXSTRING * sizeof(char) * 2) goto failure;
+		if (strlen(base) >= MAX_TABLEFILE_SIZE) goto failure;
 		strcpy(tableFile, base);
 		k = (int)strlen(tableFile);
 		while (k >= 0 && tableFile[k] != '/' && tableFile[k] != '\\') k--;
 		tableFile[++k] = '\0';
-		if (strlen(tableFile) + strlen(table) >= MAXSTRING * sizeof(char) * 2)
-			goto failure;
+		if (strlen(tableFile) + strlen(table) >= MAX_TABLEFILE_SIZE) goto failure;
 		strcat(tableFile, table);
 		if (stat(tableFile, &info) == 0 && !(info.st_mode & S_IFDIR)) {
 			_lou_logMessage(LOU_LOG_DEBUG, "found table %s", tableFile);
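Review bot: `MAX_TABLEFILE_SIZE` is introduced with `#define` inside the body of resolveSubtable, but a macro has no block scope, so it stays defined for the rest of the translation unit. That hides where the name comes from and invites a silent clash if another function later defines the same name. Moving the definition to file scope next to the other size constants, or ending the function with `#undef MAX_TABLEFILE_SIZE`, keeps the intent explicit. A short comment such as `/* size in bytes of the tableFile buffer, including the NUL */` would also record why the checks use `>=`. The function body runs past the end of this hunk.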
@@ -4567,6 +4565,7 @@ resolveSubtable(const char *table, const char *base, const char *searchPath) {
 	// It could be an absolute path, or a path relative to the current working
 	// directory
 	//
+	if (strlen(table) >= MAX_TABLEFILE_SIZE) goto failure;
 	strcpy(tableFile, table);
 	if (stat(tableFile, &info) == 0 && !(info.st_mode & S_IFDIR)) {
 		_lou_logMessage(LOU_LOG_DEBUG, "found table %s", tableFile);
@@ -4587,7 +4586,7 @@ resolveSubtable(const char *table, const char *base, const char *searchPath) {
 			last = (*cp == '\0');
 			*cp = '\0';
 			if (dir == cp) dir = ".";
-			if (strlen(dir) + strlen(table) + 1 >= MAXSTRING * sizeof(char) * 2) {
+			if (strlen(dir) + strlen(table) + 1 >= MAX_TABLEFILE_SIZE) {
 				free(searchPath_copy);
 				goto failure;
 			}
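Review bot: When one entry of `searchPath` is too long, this guard frees `searchPath_copy` and jumps to `failure`, so the remaining entries are never tried even if the table could be found in one of them. Whether that is intended cannot be told from the hunk. If it is, a comment such as `/* an over-long entry aborts the whole search */` would say so. If the entry should instead be skipped, the skip has to keep honouring the `if (last) break;` test further down, for instance `if (last) break; else continue;` in place of the `goto`. The guard before the second `sprintf` in the next hunk behaves the same way, and the loop header lies outside this hunk.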
@@ -4598,7 +4597,8 @@ resolveSubtable(const char *table, const char *base, const char *searchPath) {
 				return tableFile;
 			}
 			if (last) break;
-			if (strlen(dir) + strlen(table) + 16 >= MAXSTRING * sizeof(char) * 2) {
+			if (strlen(dir) + strlen("liblouis") + strlen("tables") + strlen(table) + 3 >=
+					MAX_TABLEFILE_SIZE) {
 				free(searchPath_copy);
 				goto failure;
 			}

From 9f6cec9b63c1d9396fcc32fed77267a2815b648f Mon Sep 17 00:00:00 2001
From: Marsman1996 <lqliuyuwei@outlook.com>
Date: Wed, 8 Feb 2023 23:01:56 +0800
Subject: [PATCH 3/3] add parentheses for define expression

---
 liblouis/compileTranslationTable.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/liblouis/compileTranslationTable.c b/liblouis/compileTranslationTable.c
index f334a38371..3575792796 100644
--- a/liblouis/compileTranslationTable.c
+++ b/liblouis/compileTranslationTable.c
@@ -4539,7 +4539,7 @@ resolveSubtable(const char *table, const char *base, const char *searchPath) {
 	char *tableFile;
 	static struct stat info;
 
-#define MAX_TABLEFILE_SIZE MAXSTRING * sizeof(char) * 2
+#define MAX_TABLEFILE_SIZE (MAXSTRING * sizeof(char) * 2)
 	if (table == NULL || table[0] == '\0') return NULL;
 	tableFile = (char *)malloc(MAX_TABLEFILE_SIZE);