texlive-base/texlive-base-20190410-CVE-2019-19601.patch

diff -up texlive-base-20190410/source/texk/detex/detex-src/detex.l.me texlive-base-20190410/source/texk/detex/detex-src/detex.l
--- texlive-base-20190410/source/texk/detex/detex-src/detex.l.me	2020-02-05 12:54:36.100840384 +0100
+++ texlive-base-20190410/source/texk/detex/detex-src/detex.l	2020-02-05 13:00:28.476320773 +0100
@@ -898,10 +898,10 @@ TexOpen(char *sbFile)
 #else
 	    if (*sbFile == '/') {	/* absolute path */
 #endif
-		(void)sprintf(sbFullPath, "%s", sbFile);
+		(void)snprintf(sbFullPath, PATH_MAX-1, "%s", sbFile);
 		iPath = csbInputPaths;	/* only check once */
 	    } else
-		(void)sprintf(sbFullPath, "%s/%s", rgsbInputPaths[iPath], sbFile);
+		(void)snprintf(sbFullPath, PATH_MAX-1, "%s/%s", rgsbInputPaths[iPath], sbFile);
 #ifdef OS2
 	    pch = sbFullPath;
 	    while (pch = strchr(pch, '\\'))
fix bz#1798119 - buffer overflow in TexOpen() function, CVE-2019-19601 2020-02-05 12:07:20 +00:00			`diff -up texlive-base-20190410/source/texk/detex/detex-src/detex.l.me texlive-base-20190410/source/texk/detex/detex-src/detex.l`
			`--- texlive-base-20190410/source/texk/detex/detex-src/detex.l.me 2020-02-05 12:54:36.100840384 +0100`
			`+++ texlive-base-20190410/source/texk/detex/detex-src/detex.l 2020-02-05 13:00:28.476320773 +0100`
			`@@ -898,10 +898,10 @@ TexOpen(char *sbFile)`
			`#else`
			`if (sbFile == '/') { / absolute path */`
			`#endif`
			`- (void)sprintf(sbFullPath, "%s", sbFile);`
			`+ (void)snprintf(sbFullPath, PATH_MAX-1, "%s", sbFile);`
			`iPath = csbInputPaths; /* only check once */`
			`} else`
			`- (void)sprintf(sbFullPath, "%s/%s", rgsbInputPaths[iPath], sbFile);`
			`+ (void)snprintf(sbFullPath, PATH_MAX-1, "%s/%s", rgsbInputPaths[iPath], sbFile);`
			`#ifdef OS2`
			`pch = sbFullPath;`
			`while (pch = strchr(pch, '\\'))`