Blame texlive-base-20190410-CVE-2019-19601.patch
|
 |
e019b9c |
diff -up texlive-base-20190410/source/texk/detex/detex-src/detex.l.me texlive-base-20190410/source/texk/detex/detex-src/detex.l
|
|
|
e019b9c |
--- texlive-base-20190410/source/texk/detex/detex-src/detex.l.me 2020-02-05 12:54:36.100840384 +0100
|
|
|
e019b9c |
+++ texlive-base-20190410/source/texk/detex/detex-src/detex.l 2020-02-05 13:00:28.476320773 +0100
|
|
|
e019b9c |
@@ -898,10 +898,10 @@ TexOpen(char *sbFile)
|
|
|
e019b9c |
#else
|
|
|
e019b9c |
if (*sbFile == '/') { /* absolute path */
|
|
|
e019b9c |
#endif
|
|
|
e019b9c |
- (void)sprintf(sbFullPath, "%s", sbFile);
|
|
|
e019b9c |
+ (void)snprintf(sbFullPath, PATH_MAX-1, "%s", sbFile);
|
|
|
e019b9c |
iPath = csbInputPaths; /* only check once */
|
|
|
e019b9c |
} else
|
|
|
e019b9c |
- (void)sprintf(sbFullPath, "%s/%s", rgsbInputPaths[iPath], sbFile);
|
|
|
e019b9c |
+ (void)snprintf(sbFullPath, PATH_MAX-1, "%s/%s", rgsbInputPaths[iPath], sbFile);
|
|
|
e019b9c |
#ifdef OS2
|
|
|
e019b9c |
pch = sbFullPath;
|
|
|
e019b9c |
while (pch = strchr(pch, '\\'))
|