46 lines
1.5 KiB
Diff
46 lines
1.5 KiB
Diff
From f432de31058b5a94874d47405216d07910c18a9a Mon Sep 17 00:00:00 2001
|
|
From: Christian Egli <christian.egli@sbs.ch>
|
|
Date: Wed, 8 Feb 2023 11:18:27 +0100
|
|
Subject: [PATCH] Check the length of path before copying into dataPath
|
|
|
|
See https://lwn.net/Articles/507319/ for more background on the
|
|
security problems of strcpy.
|
|
|
|
Origin: https://github.com/liblouis/liblouis/commit/f432de3
|
|
|
|
---
|
|
liblouis/compileTranslationTable.c | 2 +-
|
|
liblouis/liblouis.h.in | 3 ++-
|
|
2 files changed, 3 insertions(+), 2 deletions(-)
|
|
|
|
diff --git a/liblouis/compileTranslationTable.c b/liblouis/compileTranslationTable.c
|
|
index 50b86a9..1efc57f 100644
|
|
--- a/liblouis/compileTranslationTable.c
|
|
+++ b/liblouis/compileTranslationTable.c
|
|
@@ -58,7 +58,7 @@ char *EXPORT_CALL
|
|
lou_setDataPath(const char *path) {
|
|
static char dataPath[MAXSTRING];
|
|
dataPathPtr = NULL;
|
|
- if (path == NULL) return NULL;
|
|
+ if (path == NULL || strlen(path) >= MAXSTRING) return NULL;
|
|
strcpy(dataPath, path);
|
|
dataPathPtr = dataPath;
|
|
return dataPathPtr;
|
|
diff --git a/liblouis/liblouis.h.in b/liblouis/liblouis.h.in
|
|
index cde3e8b..42d2770 100644
|
|
--- a/liblouis/liblouis.h.in
|
|
+++ b/liblouis/liblouis.h.in
|
|
@@ -282,7 +282,8 @@ lou_getEmphClasses(const char *tableList);
|
|
/**
|
|
* Set the path used for searching for tables and liblouisutdml files.
|
|
*
|
|
- * Overrides the installation path. */
|
|
+ * Overrides the installation path. Returns NULL if `path` is NULL or
|
|
+ * if the length of `path` is equal or longer than `MAXSTRING`. */
|
|
LIBLOUIS_API
|
|
char *EXPORT_CALL
|
|
lou_setDataPath(const char *path);
|
|
--
|
|
2.33.0
|
|
|