texlive/texlive-CVE-2007-4033.patch

diff -up tetex-src-3.0/libs/t1lib/t1env.c.CVE-2007-4033 tetex-src-3.0/libs/t1lib/t1env.c
--- tetex-src-3.0/libs/t1lib/t1env.c.CVE-2007-4033	2004-01-27 23:26:31.000000000 +0100
+++ tetex-src-3.0/libs/t1lib/t1env.c	2007-11-02 12:48:20.000000000 +0100
@@ -568,6 +568,12 @@ char *intT1_Env_GetCompletePath( char *F
 #endif 
     strcat( pathbuf, DIRECTORY_SEP);
     /* And finally the filename: */
+    /* If current pathbuf + StrippedName + 1 byte for NULL is bigger than pathbuf
+       let's try next pathbuf */
+    if( strlen(pathbuf) + strlen(StrippedName) + 1 > sizeof(pathbuf) ) {
+	i++;
+    	continue;
+    }
     strcat( pathbuf, StrippedName);
     
     /* Check for existence of the path: */
initial import 2007-12-02 08:03:19 +00:00			`diff -up tetex-src-3.0/libs/t1lib/t1env.c.CVE-2007-4033 tetex-src-3.0/libs/t1lib/t1env.c`
			`--- tetex-src-3.0/libs/t1lib/t1env.c.CVE-2007-4033 2004-01-27 23:26:31.000000000 +0100`
			`+++ tetex-src-3.0/libs/t1lib/t1env.c 2007-11-02 12:48:20.000000000 +0100`
			`@@ -568,6 +568,12 @@ char intT1_Env_GetCompletePath( char F`
			`#endif`
			`strcat( pathbuf, DIRECTORY_SEP);`
			`/* And finally the filename: */`
			`+ /* If current pathbuf + StrippedName + 1 byte for NULL is bigger than pathbuf`
			`+ let's try next pathbuf */`
			`+ if( strlen(pathbuf) + strlen(StrippedName) + 1 > sizeof(pathbuf) ) {`
			`+ i++;`
			`+ continue;`
			`+ }`
			`strcat( pathbuf, StrippedName);`

			`/* Check for existence of the path: */`