From 062a4bbcc26652f34a505d94ff0fbee7a641323c Mon Sep 17 00:00:00 2001
From: Zdenek Dohnal
Date: Wed, 7 Feb 2024 16:56:25 +0100
Subject: [PATCH] 2253985 - cups-browsed crashes when remote CUPS queue found by DNS-SD is not able to response on IPP Get-Printer-Attributes fix several issues reported by openscanhub
---
 ...-Fix-memory-leak-in-resolve_callback.patch | 38 +++++++++++++++++++
 ...hich-can-be-later-used-uninitialized.patch | 34 +++++++++++++++++
 browsed-goto-fail.patch | 16 ++++++++
 cups-browsed.spec | 11 +++++-
 4 files changed, 98 insertions(+), 1 deletion(-)
 create mode 100644 0001-Fix-memory-leak-in-resolve_callback.patch
 create mode 100644 0001-Init-variables-which-can-be-later-used-uninitialized.patch
 create mode 100644 browsed-goto-fail.patch
diff --git a/0001-Fix-memory-leak-in-resolve_callback.patch b/0001-Fix-memory-leak-in-resolve_callback.patch
new file mode 100644
index 0000000..485e484
--- /dev/null
+++ b/0001-Fix-memory-leak-in-resolve_callback.patch
@@ -0,0 +1,38 @@
+From a38ab5522964afe07415aeebecdc12b13d0c9196 Mon Sep 17 00:00:00 2001
+From: Zdenek Dohnal
+Date: Thu, 25 Jan 2024 17:43:25 +0100
+Subject: [PATCH] Fix memory leak in resolve_callback
+
+---
+ daemon/cups-browsed.c | 8 +++++++-
+ 1 file changed, 7 insertions(+), 1 deletion(-)
+
+diff --git a/daemon/cups-browsed.c b/daemon/cups-browsed.c
+index 1e461bd1..d4527c05 100644
+--- a/daemon/cups-browsed.c
++++ b/daemon/cups-browsed.c
+@@ -10899,7 +10899,7 @@ resolve_callback(void* arg)
+ AVAHI_GCC_UNUSED void* userdata = a->userdata;
+
+ char ifname[IF_NAMESIZE];
+- AvahiStringList *uuid_entry, *printer_type_entry;
++ AvahiStringList *uuid_entry = NULL, *printer_type_entry;
+ char *uuid_key, *uuid_value;
+
+ debug_printf("resolve_callback() in THREAD %ld\n", pthread_self());
+@@ -11176,6 +11176,12 @@ resolve_callback(void* arg)
+ }
+
+ ignore:
++ if (uuid_entry)
++ {
++ avahi_free(uuid_key);
++ avahi_free(uuid_value);
++ }
++
+ if (a->name) free((char*)a->name);
+ if (a->type) free((char*)a->type);
+ if (a->domain) free((char*)a->domain);
+--
+2.43.0
+
diff --git a/0001-Init-variables-which-can-be-later-used-uninitialized.patch b/0001-Init-variables-which-can-be-later-used-uninitialized.patch
new file mode 100644
index 0000000..c18f30a
--- /dev/null
+++ b/0001-Init-variables-which-can-be-later-used-uninitialized.patch
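Review bot: In 0001-Fix-memory-leak-in-resolve_callback.patch the cleanup added at `ignore:` frees `uuid_key` and `uuid_value` under `if (uuid_entry)`, but both pointers are still declared without an initialiser (`char *uuid_key, *uuid_value;`), so the free is only safe if every path that sets `uuid_entry` also assigns both pointers and none of them has already released them. That code sits between the two inner hunks and is not visible here, so it needs confirming; in a callback fed by DNS-SD records from the network, freeing an indeterminate or already-freed pointer would turn a leak fix into a memory-safety bug. Keying the cleanup on the pointers themselves removes the dependency on control flow: declare `char *uuid_key = NULL, *uuid_value = NULL;`, free with `if (uuid_key) avahi_free(uuid_key);` and `if (uuid_value) avahi_free(uuid_value);`, and reset a pointer to NULL wherever it is freed earlier. The same applies to `rp_key`, `rp_value`, `adminurl_key` and `adminurl_value` in 0001-Init-variables-which-can-be-later-used-uninitialized.patch, where only the `AvahiStringList` pointers gain an initialiser.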
@@ -0,0 +1,34 @@
+From 4ccd64b65b4672ce211bf56ee1ca6e1a5f8ebf5c Mon Sep 17 00:00:00 2001
+From: Zdenek Dohnal
+Date: Wed, 7 Feb 2024 14:59:41 +0100
+Subject: [PATCH] Init variables which can be later used uninitialized
+
+---
+ daemon/cups-browsed.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/daemon/cups-browsed.c b/daemon/cups-browsed.c
+index 29fd34a1..a144abae 100644
+--- a/daemon/cups-browsed.c
++++ b/daemon/cups-browsed.c
+@@ -6935,7 +6935,7 @@ on_job_state (CupsNotifier *object,
+
+ // The priority order for the PDLs is the same as in the
+ // PPD generator in ppd/ppd-generator.c of libppd
+- document_format = (char *)malloc(sizeof(char) * 32);
++ document_format = (char *)calloc(32, sizeof(char));
+ if (cupsArrayFind(pdl_list, "application/vnd.cups-pdf"))
+ strcpy(document_format, "application/vnd.cups-pdf");
+ else if (cupsArrayFind(pdl_list, "image/urf"))
+@@ -10951,7 +10951,7 @@ resolve_callback(void* arg)
+ // Called whenever a service has been resolved successfully
+
+ // New remote printer found
+- AvahiStringList *rp_entry, *adminurl_entry;
++ AvahiStringList *rp_entry = NULL, *adminurl_entry = NULL;
+ char *rp_key, *rp_value, *adminurl_key, *adminurl_value;
+
+ debug_printf("Avahi Resolver: Service '%s' of type '%s' in domain '%s' with host name '%s' and port %d on interface '%s' (%s).\n",
+--
+2.43.0
+
diff --git a/browsed-goto-fail.patch b/browsed-goto-fail.patch
new file mode 100644
index 0000000..8f04770
--- /dev/null
+++ b/browsed-goto-fail.patch
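Review bot: In the on_job_state hunk the `calloc(32, sizeof(char))` result is still handed to `strcpy` without a NULL check, so an allocation failure becomes a write through a NULL pointer in the daemon; zero-filling only cures the uninitialised read. A guard directly after the allocation is needed, along the lines of `if (document_format == NULL) { debug_printf("Out of memory for document format\n"); /* leave via the function's existing error path */ }`. The fixed 32-byte buffer is also safe only while every MIME literal copied by the `strcpy` chain stays under 32 bytes; the visible literal fits, but most of the chain is outside the hunk, so a short comment stating that limit next to the allocation would help the next person who adds a format. on_job_state continues beyond the hunk, so the appropriate bail-out path cannot be seen here.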
@@ -0,0 +1,16 @@
+diff --git a/daemon/cups-browsed.c b/daemon/cups-browsed.c
+index 7f83510..9be61ca 100644
+--- a/daemon/cups-browsed.c
++++ b/daemon/cups-browsed.c
+@@ -7792,8 +7792,11 @@ create_remote_printer_entry (const char *queue_name,
+ p->prattrs = cfGetPrinterAttributes(p->uri, NULL, 0, NULL, 0, 1);
+ debug_log_out(cf_get_printer_attributes_log);
+ if (p->prattrs == NULL)
++ {
+ debug_printf("get-printer-attributes IPP call failed on printer %s (%s).\n",
+ p->queue_name, p->uri);
++ goto fail;
++ }
+ }
+ }
+ else
diff --git a/cups-browsed.spec b/cups-browsed.spec
index 39767aa..6d45f21 100644
--- a/cups-browsed.spec
+++ b/cups-browsed.spec
@@ -10,7 +10,7 @@ Name: cups-browsed
 Epoch: 1
 Version: 2.0.0
-Release: 3%{?dist}
+Release: 4%{?dist}
 Summary: Daemon for local auto-installation of remote printers
 # the CUPS exception text is the same as LLVM exception, so using that name with
 # agreement from legal team
@@ -21,6 +21,11 @@ Source0: %{URL}/releases/download/%{version}/%{name}-%{version}.tar.gz
 # Patches
+# https://github.com/OpenPrinting/cups-browsed/pull/26 both 001 and 002
+Patch001: 0001-Fix-memory-leak-in-resolve_callback.patch
+Patch002: 0001-Init-variables-which-can-be-later-used-uninitialized.patch
+# https://github.com/OpenPrinting/cups-browsed/pull/25
+Patch003: browsed-goto-fail.patch
 # remove once CentOS Stream 10 is released, cups-browsed
@@ -174,6 +179,10 @@ done
 %changelog
+* Wed Feb 07 2024 Zdenek Dohnal - 1:2.0.0-4
+- 2253985 - cups-browsed crashes when remote CUPS queue found by DNS-SD is not able to response on IPP Get-Printer-Attributes
+- fix several issues reported by openscanhub
+
 * Wed Jan 24 2024 Fedora Release Engineering - 1:2.0.0-3
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
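Review bot: In browsed-goto-fail.patch the new `goto fail;` in create_remote_printer_entry depends entirely on the `fail` label, which is outside the hunk, to release whatever has been set up for `p` so far. It should be confirmed that this cleanup tolerates `p->prattrs == NULL` and fields that have not been assigned yet at this point, because the branch is taken whenever a queue discovered via DNS-SD does not answer Get-Printer-Attributes, which is behaviour a remote peer controls. A comment at the jump would record the intent, for example `// No attributes from the remote queue: abandon this entry rather than continue with p->prattrs == NULL`. Other uses of `p->prattrs` later in the function are not visible here and deserve the same check.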