packages/liblouis
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
liblouis/CVE-2023-26768.patch
wk333 7715d4142d Fix CVE-2022-26981,CVE-2022-31783,CVE-2023-26767,CVE-2023-26768 
(cherry picked from commit 7aa4345cd64dffd6b393baedc1388815716728d9)
2023-12-11 17:58:41 +08:00

41 lines
1.2 KiB
Diff
Raw Permalink Blame History

From 565ac66ec0c187ffb442226487de3db376702958 Mon Sep 17 00:00:00 2001
From: Marsman1996 <lqliuyuwei@outlook.com>
Date: Thu, 9 Feb 2023 18:56:21 +0800
Subject: [PATCH] Check filename before coping to initialLogFileName
Origin: https://github.com/liblouis/liblouis/commit/565ac66
https://github.com/liblouis/liblouis/commit/47822bb
---
liblouis/logging.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/liblouis/logging.c b/liblouis/logging.c
index bbffdcc..10f0d9f 100644
--- a/liblouis/logging.c
+++ b/liblouis/logging.c
@@ -117,8 +117,10 @@ _lou_logMessage(logLevels level, const char *format, ...) {
}
}
+#define FILENAMESIZE 256
+
static FILE *logFile = NULL;
-static char initialLogFileName[256] = "";
+static char initialLogFileName[FILENAMESIZE] = "";
void EXPORT_CALL
lou_logFile(const char *fileName) {
@@ -126,7 +128,7 @@ lou_logFile(const char *fileName) {
fclose(logFile);
logFile = NULL;
}
- if (fileName == NULL || fileName[0] == 0) return;
+ if (fileName == NULL || fileName[0] == 0 || strlen(fileName) >= FILENAMESIZE) return;
if (initialLogFileName[0] == 0) strcpy(initialLogFileName, fileName);
logFile = fopen(fileName, "a");
if (logFile == NULL && initialLogFileName[0] != 0)
--
2.33.0
Reference in New Issue View Git Blame Copy Permalink