[packages/texlive.git] / texlive-CVE-2007-4033.patch

diff -up tetex-src-3.0/libs/t1lib/t1env.c.CVE-2007-4033 tetex-src-3.0/libs/t1lib/t1env.c
--- tetex-src-3.0/libs/t1lib/t1env.c.CVE-2007-4033	2004-01-27 23:26:31.000000000 +0100
+++ tetex-src-3.0/libs/t1lib/t1env.c	2007-11-02 12:48:20.000000000 +0100
@@ -568,6 +568,12 @@ char *intT1_Env_GetCompletePath( char *F
 #endif 
     strcat( pathbuf, DIRECTORY_SEP);
     /* And finally the filename: */
+    /* If current pathbuf + StrippedName + 1 byte for NULL is bigger than pathbuf
+       let's try next pathbuf */
+    if( strlen(pathbuf) + strlen(StrippedName) + 1 > sizeof(pathbuf) ) {
+	i++;
+    	continue;
+    }
     strcat( pathbuf, StrippedName);
     
     /* Check for existence of the path: */
Commit	Line	Data
768e5264 AM	1	diff -up tetex-src-3.0/libs/t1lib/t1env.c.CVE-2007-4033 tetex-src-3.0/libs/t1lib/t1env.c
	2	--- tetex-src-3.0/libs/t1lib/t1env.c.CVE-2007-4033 2004-01-27 23:26:31.000000000 +0100
	3	+++ tetex-src-3.0/libs/t1lib/t1env.c 2007-11-02 12:48:20.000000000 +0100
	4	@@ -568,6 +568,12 @@ char intT1_Env_GetCompletePath( char F
	5	#endif
	6	strcat( pathbuf, DIRECTORY_SEP);
	7	/* And finally the filename: */
	8	+ /* If current pathbuf + StrippedName + 1 byte for NULL is bigger than pathbuf
	9	+ let's try next pathbuf */
	10	+ if( strlen(pathbuf) + strlen(StrippedName) + 1 > sizeof(pathbuf) ) {
	11	+ i++;
	12	+ continue;
	13	+ }
	14	strcat( pathbuf, StrippedName);
	15
	16	/* Check for existence of the path: */