File CVE-2018-11684.patch of Package python-louis

Overview Repositories Revisions Requests Users Attributes Meta

File CVE-2018-11684.patch of Package python-louis

From fb2bfce4ed49ac4656a8f7e5b5526e4838da1dde Mon Sep 17 00:00:00 2001
From: Christian Egli <christian.egli@sbs.ch>
Date: Mon, 4 Jun 2018 14:11:50 +0200
Subject: [PATCH] Fix yet another buffer overflow in the braille table parser

Reported by Henri Salo

Fixes #592

Backported by Mike Gorse <mgorse@suse.com>
---
diff -urp liblouis-2.6.4.orig/liblouis/compileTranslationTable.c liblouis-2.6.4/liblouis/compileTranslationTable.c
--- liblouis-2.6.4.orig/liblouis/compileTranslationTable.c	2018-08-08 16:28:44.810504753 -0500
+++ liblouis-2.6.4/liblouis/compileTranslationTable.c	2018-08-08 16:35:56.241605449 -0500
@@ -4848,6 +4848,10 @@ includeFile (FileInfo * nested, CharsStr
   int rv;
   for (k = 0; k < includedFile->length; k++)
     includeThis[k] = (char) includedFile->chars[k];
+	if (k >= MAXSTRING) {
+		compileError(nested, "Include statement too long: 'include %s'", includeThis);
+		return 0;
+	}
   includeThis[k] = 0;
   tableFiles = resolveTable (includeThis, nested->fileName);
   if (tableFiles == NULL)
@@ -4857,9 +4861,10 @@ includeFile (FileInfo * nested, CharsStr
     }
   if (tableFiles[1] != NULL)
     {
-      errorCount++;
       free_tablefiles(tableFiles);
-      logMessage (LOG_ERROR, "Table list not supported in include statement: 'include %s'", includeThis);
+		compileError(nested,
+				"Table list not supported in include statement: 'include %s'",
+				includeThis);
       return 0;
     }
   rv = compileFile (*tableFiles);

Places

File CVE-2018-11684.patch of Package python-louis

Places