Package: liblouis / 3.0.0-3+deb9u4

cve-2018-11684 Patch series | download
commit fb2bfce4ed49ac4656a8f7e5b5526e4838da1dde
Author: Christian Egli <christian.egli@sbs.ch>
Date:   Mon Jun 4 14:11:50 2018 +0200

    Fix yet another buffer overflow in the braille table parser
    
    Reported by Henri Salo
    
    Fixes #592

---
 liblouis/compileTranslationTable.c |    7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

--- a/liblouis/compileTranslationTable.c
+++ b/liblouis/compileTranslationTable.c
@@ -5216,6 +5216,10 @@ includeFile (FileInfo * nested, CharsStr
   int rv;
   for (k = 0; k < includedFile->length; k++)
     includeThis[k] = (char) includedFile->chars[k];
+  if (k >= MAXSTRING) {
+    compileError(nested, "Include statement too long: 'include %s'", includeThis);
+    return 0;
+  }
   includeThis[k] = 0;
   tableFiles = resolveTable (includeThis, nested->fileName);
   if (tableFiles == NULL)
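Review bot: The error branch added after the copy loop passes `includeThis` to `compileError` through `%s` before `includeThis[k] = 0` has run, so on exactly the path where the include name fills the buffer the string is unterminated and formatting it can read past the end of the array (unless the declaration, which sits above this hunk, zero-initialises it). The length test also comes after the loop, so it prevents the out-of-bounds terminator write but not the loop's own writes if `includedFile->length` can ever exceed `MAXSTRING`; whether that is bounded elsewhere is not visible here. Testing the length before copying and leaving the buffer out of the message avoids both problems: `if (includedFile->length >= MAXSTRING) { compileError(nested, "Include statement too long"); return 0; }` placed ahead of the `for`. The body of includeFile starts and ends outside the hunk.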
@@ -5225,9 +5229,8 @@ includeFile (FileInfo * nested, CharsStr
     }
   if (tableFiles[1] != NULL)
     {
-      errorCount++;
       free_tablefiles(tableFiles);
-      logMessage (LOG_ERROR, "Table list not supported in include statement: 'include %s'", includeThis);
+      compileError(nested, "Table list not supported in include statement: 'include %s'", includeThis);
       return 0;
     }
   rv = compileFile (*tableFiles);