File 0002-resolveSubtable-Fix-buffer-overflow-parsin... of Package python3-louis.10567

Overview Repositories Revisions Requests Users Attributes Meta

File 0002-resolveSubtable-Fix-buffer-overflow-parsing-a-malfor.patch of Package python3-louis.10567

From d8cfdf1ab64a4c9c6685efe45bc735f68dac618c Mon Sep 17 00:00:00 2001
From: Mike Gorse <mgorse@suse.com>
Date: Wed, 30 Aug 2017 12:53:02 -0500
Subject: [PATCH 2/4] resolveSubtable: Fix buffer overflow parsing a malformed
 table

The subtable's name can theoretically be up to MAXSTRING characters long.
The base name is then copied into a buffer, and the subtable's name is
appended, so we should allocate more than MAXSTRING bytes for the buffer.

Fixes CVE-2017-13739, CVE-2017-13740, and CVE-2017-13742.
---
diff -urp liblouis-2.6.4.orig/liblouis/compileTranslationTable.c liblouis-2.6.4/liblouis/compileTranslationTable.c
--- liblouis-2.6.4.orig/liblouis/compileTranslationTable.c	2017-09-06 16:06:31.426391744 -0500
+++ liblouis-2.6.4/liblouis/compileTranslationTable.c	2017-09-06 16:07:30.870652352 -0500
@@ -4529,7 +4529,7 @@ resolveSubtable (const char *table, cons
   
   if (table == NULL || table[0] == '\0')
     return NULL;
-  tableFile = (char *) malloc (MAXSTRING * sizeof(char));
+  tableFile = (char *) malloc (MAXSTRING * sizeof(char) * 2);
   
   //
   // First try to resolve against base

Places

File 0002-resolveSubtable-Fix-buffer-overflow-parsing-a-malfor.patch of Package python3-louis.10567

Places