rpms/liblouis
6
0
Fork 0
Code Issues Pull Requests Releases Activity

Fix CVE-2023-26767 (#2181147)

Browse Source 
Resolves: #2181147
This commit is contained in:
David King 2023-04-03 12:19:59 +01:00
parent 2e385afaf1
commit 9b99821586
2 changed files with 49 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

42
liblouis-3.16.1-fix-CVE-2023-26767.patch Normal file
View File

@ -0,0 +1,42 @@
From f432de31058b5a94874d47405216d07910c18a9a Mon Sep 17 00:00:00 2001
From: Christian Egli <christian.egli@sbs.ch>
Date: Wed, 8 Feb 2023 11:18:27 +0100
Subject: [PATCH] Check the length of path before copying into dataPath
See https://lwn.net/Articles/507319/ for more background on the
security problems of strcpy.
Fixes #1292
---
NEWS | 2 ++
liblouis/compileTranslationTable.c | 2 +-
liblouis/liblouis.h.in | 3 ++-
3 files changed, 5 insertions(+), 2 deletions(-)
diff --git a/liblouis/compileTranslationTable.c b/liblouis/compileTranslationTable.c
index cbc6ae1614..3c74929bcb 100644
--- a/liblouis/compileTranslationTable.c
+++ b/liblouis/compileTranslationTable.c
@@ -58,7 +58,7 @@ char *EXPORT_CALL
lou_setDataPath(const char *path) {
static char dataPath[MAXSTRING];
dataPathPtr = NULL;
- if (path == NULL) return NULL;
+ if (path == NULL || strlen(path) >= MAXSTRING) return NULL;
strcpy(dataPath, path);
dataPathPtr = dataPath;
return dataPathPtr;
diff --git a/liblouis/liblouis.h.in b/liblouis/liblouis.h.in
index 88d7996895..c51305f7ad 100644
--- a/liblouis/liblouis.h.in
+++ b/liblouis/liblouis.h.in
@@ -283,7 +283,8 @@ lou_getEmphClasses(const char *tableList);
/**
* Set the path used for searching for tables and liblouisutdml files.
*
- * Overrides the installation path. */
+ * Overrides the installation path. Returns NULL if `path` is NULL or
+ * if the length of `path` is equal or longer than `MAXSTRING`. */
LIBLOUIS_API
char *EXPORT_CALL
lou_setDataPath(const char *path);

9
liblouis.spec
View File

@ -3,12 +3,14 @@
Name: liblouis Name: liblouis
Version: 3.16.1 Version: 3.16.1
Release: 4%{?dist} Release: 5%{?dist}
Summary: Braille translation and back-translation library Summary: Braille translation and back-translation library
License: LGPLv3+ License: LGPLv3+
URL: http://liblouis.org URL: http://liblouis.org
Source0: https://github.com/%{name}/%{name}/releases/download/v%{version}/%{name}-%{version}.tar.gz Source0: https://github.com/%{name}/%{name}/releases/download/v%{version}/%{name}-%{version}.tar.gz
# https://bugzilla.redhat.com/show_bug.cgi?id=2181147
Patch0: liblouis-3.16.1-fix-CVE-2023-26767.patch
BuildRequires: chrpath BuildRequires: chrpath
BuildRequires: gcc BuildRequires: gcc
@ -81,7 +83,7 @@ This package provides the documentation for liblouis.
%prep %prep
%setup -q %autosetup -p1
%build %build
@ -143,6 +145,9 @@ done
%changelog %changelog
* Mon Apr 03 2023 David King <amigadave@amigadave.com> - 3.16.1-5
- Fix CVE-2023-26767 (#2181147)
* Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 3.16.1-4 * Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 3.16.1-4
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags - Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
Related: rhbz#1991688 Related: rhbz#1991688