texlive/texlive-base-20190410-CVE-2019-19601.patch

17 lines
823 B
Diff
Raw Normal View History

2020-11-18 15:29:19 +00:00
diff -up texlive-base-20190410/source/texk/detex/detex-src/detex.l.me texlive-base-20190410/source/texk/detex/detex-src/detex.l
--- texlive-base-20190410/source/texk/detex/detex-src/detex.l.me 2020-02-05 12:54:36.100840384 +0100
+++ texlive-base-20190410/source/texk/detex/detex-src/detex.l 2020-02-05 13:00:28.476320773 +0100
@@ -898,10 +898,10 @@ TexOpen(char *sbFile)
#else
if (*sbFile == '/') { /* absolute path */
#endif
- (void)sprintf(sbFullPath, "%s", sbFile);
+ (void)snprintf(sbFullPath, PATH_MAX-1, "%s", sbFile);
iPath = csbInputPaths; /* only check once */
} else
- (void)sprintf(sbFullPath, "%s/%s", rgsbInputPaths[iPath], sbFile);
+ (void)snprintf(sbFullPath, PATH_MAX-1, "%s/%s", rgsbInputPaths[iPath], sbFile);
#ifdef OS2
pch = sbFullPath;
while (pch = strchr(pch, '\\'))