1.28.5, 1881365 - cups-browsed crashing
This commit is contained in:
parent
d6cf1a69c5
commit
0a471b82f7
1
.gitignore
vendored
1
.gitignore
vendored
@ -100,3 +100,4 @@
|
||||
/cups-filters-1.27.5.tar.xz
|
||||
/cups-filters-1.28.1.tar.xz
|
||||
/cups-filters-1.28.2.tar.xz
|
||||
/cups-filters-1.28.5.tar.xz
|
||||
|
@ -0,0 +1,58 @@
|
||||
From 240ffb901d06a117bb8e10b486bfd3de6fe464b2 Mon Sep 17 00:00:00 2001
|
||||
From: Till Kamppeter <till.kamppeter@gmail.com>
|
||||
Date: Wed, 28 Oct 2020 10:44:19 +0100
|
||||
Subject: [PATCH] libcupsfilters: Added NULL check when removing ".Borderless"
|
||||
suffixes from page size names
|
||||
|
||||
---
|
||||
NEWS | 2 ++
|
||||
cupsfilters/ppdgenerator.c | 12 ++++++++----
|
||||
2 files changed, 10 insertions(+), 4 deletions(-)
|
||||
|
||||
diff --git a/cupsfilters/ppdgenerator.c b/cupsfilters/ppdgenerator.c
|
||||
index 9fd4fb21..7b4aa0cf 100644
|
||||
--- a/cupsfilters/ppdgenerator.c
|
||||
+++ b/cupsfilters/ppdgenerator.c
|
||||
@@ -2224,7 +2224,8 @@ ppdCreateFromIPP2(char *buffer, /* I - Filename buffer */
|
||||
|
||||
if (all_borderless) {
|
||||
suffix = strcasestr(ppdname, ".Borderless");
|
||||
- *suffix = '\0';
|
||||
+ if (suffix)
|
||||
+ *suffix = '\0';
|
||||
}
|
||||
|
||||
cupsFilePrintf(fp, "*OpenUI *PageSize/%s: PickOne\n"
|
||||
@@ -2258,7 +2259,8 @@ ppdCreateFromIPP2(char *buffer, /* I - Filename buffer */
|
||||
|
||||
if (all_borderless) {
|
||||
suffix = strcasestr(ppdsizename, ".Borderless");
|
||||
- *suffix = '\0';
|
||||
+ if (suffix)
|
||||
+ *suffix = '\0';
|
||||
}
|
||||
|
||||
cupsFilePrintf(fp, "*PageSize %s%s%s%s: \"<</PageSize[%s %s]>>setpagedevice\"\n",
|
||||
@@ -2302,7 +2304,8 @@ ppdCreateFromIPP2(char *buffer, /* I - Filename buffer */
|
||||
|
||||
if (all_borderless) {
|
||||
suffix = strcasestr(ppdsizename, ".Borderless");
|
||||
- *suffix = '\0';
|
||||
+ if (suffix)
|
||||
+ *suffix = '\0';
|
||||
}
|
||||
|
||||
cupsFilePrintf(fp, "*PageRegion %s%s%s%s: \"<</PageSize[%s %s]>>setpagedevice\"\n",
|
||||
@@ -2338,7 +2341,8 @@ ppdCreateFromIPP2(char *buffer, /* I - Filename buffer */
|
||||
|
||||
if (all_borderless) {
|
||||
suffix = strcasestr(ppdsizename, ".Borderless");
|
||||
- *suffix = '\0';
|
||||
+ if (suffix)
|
||||
+ *suffix = '\0';
|
||||
}
|
||||
|
||||
cupsFilePrintf(fp, "*ImageableArea %s: \"%s %s %s %s\"\n", ppdsizename,
|
||||
--
|
||||
2.26.2
|
||||
|
@ -1,186 +0,0 @@
|
||||
diff --git a/cupsfilters/ipp.c b/cupsfilters/ipp.c
|
||||
index 21861a5..98c5ecf 100644
|
||||
--- a/cupsfilters/ipp.c
|
||||
+++ b/cupsfilters/ipp.c
|
||||
@@ -191,7 +191,7 @@ get_printer_attributes5(http_t *http_printer,
|
||||
{
|
||||
const char *uri;
|
||||
int have_http, uri_status, host_port, i = 0, total_attrs = 0, fallback,
|
||||
- cap = 0;
|
||||
+ cap = 0, uri_alloc = 0;
|
||||
char scheme[10], userpass[1024], host_name[1024], resource[1024];
|
||||
ipp_t *request, *response = NULL;
|
||||
ipp_attribute_t *attr;
|
||||
@@ -247,7 +247,18 @@ get_printer_attributes5(http_t *http_printer,
|
||||
if(resolve_uri_type == CUPS_BACKEND_URI_CONVERTER)
|
||||
uri = resolve_uri(raw_uri);
|
||||
else
|
||||
+ {
|
||||
uri = ippfind_based_uri_converter(raw_uri, resolve_uri_type);
|
||||
+ if (uri != NULL)
|
||||
+ uri_alloc = 1;
|
||||
+ }
|
||||
+
|
||||
+ if (uri == NULL)
|
||||
+ {
|
||||
+ log_printf(get_printer_attributes_log,
|
||||
+ "get-printer-attibutes: Cannot resolve URI: %s\n", raw_uri);
|
||||
+ return NULL;
|
||||
+ }
|
||||
|
||||
/* Extract URI componants needed for the IPP request */
|
||||
uri_status = httpSeparateURI(HTTP_URI_CODING_ALL, uri,
|
||||
@@ -261,6 +272,7 @@ get_printer_attributes5(http_t *http_printer,
|
||||
log_printf(get_printer_attributes_log,
|
||||
"get-printer-attributes: Cannot parse the printer URI: %s\n",
|
||||
uri);
|
||||
+ if (uri_alloc == 1) free(uri);
|
||||
return NULL;
|
||||
}
|
||||
|
||||
@@ -273,6 +285,7 @@ get_printer_attributes5(http_t *http_printer,
|
||||
log_printf(get_printer_attributes_log,
|
||||
"get-printer-attributes: Cannot connect to printer with URI %s.\n",
|
||||
uri);
|
||||
+ if (uri_alloc == 1) free(uri);
|
||||
return NULL;
|
||||
}
|
||||
} else
|
||||
@@ -370,6 +383,7 @@ get_printer_attributes5(http_t *http_printer,
|
||||
} else {
|
||||
/* Suitable response, we are done */
|
||||
if (have_http == 0) httpClose(http_printer);
|
||||
+ if (uri_alloc == 1) free(uri);
|
||||
return response;
|
||||
}
|
||||
} else {
|
||||
@@ -398,6 +412,7 @@ get_printer_attributes5(http_t *http_printer,
|
||||
}
|
||||
|
||||
if (have_http == 0) httpClose(http_printer);
|
||||
+ if (uri_alloc == 1) free(uri);
|
||||
return NULL;
|
||||
}
|
||||
|
||||
@@ -418,7 +433,7 @@ ippfind_based_uri_converter (const char *uri, int is_fax)
|
||||
char *ippfind_argv[100], /* Arguments for ippfind */
|
||||
*ptr_to_port = NULL,
|
||||
*reg_type,
|
||||
- *resolved_uri, /* Buffer for resolved URI */
|
||||
+ *resolved_uri = NULL, /* Buffer for resolved URI */
|
||||
*resource_field = NULL,
|
||||
*service_hostname = NULL,
|
||||
/* URI components... */
|
||||
@@ -426,13 +441,11 @@ ippfind_based_uri_converter (const char *uri, int is_fax)
|
||||
userpass[256],
|
||||
hostname[1024],
|
||||
resource[1024],
|
||||
- buffer[8192], /* Copy buffer */
|
||||
+ *buffer = NULL, /* Copy buffer */
|
||||
*ptr; /* Pointer into string */;
|
||||
cups_file_t *fp; /* Post-processing input file */
|
||||
int status; /* Status of GET request */
|
||||
|
||||
- resolved_uri = (char *)malloc(2048 * (sizeof(char)));
|
||||
-
|
||||
status = httpSeparateURI(HTTP_URI_CODING_ALL, uri, scheme, sizeof(scheme),
|
||||
userpass, sizeof(userpass),
|
||||
hostname, sizeof(hostname), &port, resource,
|
||||
@@ -445,10 +458,16 @@ ippfind_based_uri_converter (const char *uri, int is_fax)
|
||||
|
||||
/* URI is not DNS-SD-based, so do not resolve */
|
||||
if ((reg_type = strstr(hostname, "._tcp")) == NULL) {
|
||||
- free(resolved_uri);
|
||||
return strdup(uri);
|
||||
}
|
||||
|
||||
+ resolved_uri = (char *)malloc(MAX_URI_LEN * (sizeof(char)));
|
||||
+ if (resolved_uri == NULL) {
|
||||
+ fprintf(stderr, "resolved_uri malloc: Out of memory\n");
|
||||
+ goto error;
|
||||
+ }
|
||||
+ memset(resolved_uri, 0, MAX_URI_LEN);
|
||||
+
|
||||
reg_type --;
|
||||
while (reg_type >= hostname && *reg_type != '.')
|
||||
reg_type --;
|
||||
@@ -523,26 +542,38 @@ ippfind_based_uri_converter (const char *uri, int is_fax)
|
||||
|
||||
fp = cupsFileStdin();
|
||||
|
||||
- while ((bytes = cupsFileGetLine(fp, buffer, sizeof(buffer))) > 0) {
|
||||
+ buffer = (char*)malloc(MAX_OUTPUT_LEN * sizeof(char));
|
||||
+ if (buffer == NULL) {
|
||||
+ fprintf(stderr, "buffer malloc: Out of memory.\n");
|
||||
+ goto error;
|
||||
+ }
|
||||
+ memset(buffer, 0, MAX_OUTPUT_LEN);
|
||||
+
|
||||
+ while ((bytes = cupsFileGetLine(fp, buffer, MAX_OUTPUT_LEN)) > 0) {
|
||||
/* Mark all the fields of the output of ippfind */
|
||||
ptr = buffer;
|
||||
+
|
||||
+ /* ignore new lines */
|
||||
+ if (bytes < 3)
|
||||
+ goto read_error;
|
||||
+
|
||||
/* First, build the DNS-SD-service-name-based URI ... */
|
||||
while (ptr && !isalnum(*ptr & 255)) ptr ++;
|
||||
|
||||
service_hostname = ptr;
|
||||
- ptr = memchr(ptr, '\t', sizeof(buffer) - (ptr - buffer));
|
||||
+ ptr = memchr(ptr, '\t', MAX_OUTPUT_LEN - (ptr - buffer));
|
||||
if (!ptr) goto read_error;
|
||||
*ptr = '\0';
|
||||
ptr ++;
|
||||
|
||||
resource_field = ptr;
|
||||
- ptr = memchr(ptr, '\t', sizeof(buffer) - (ptr - buffer));
|
||||
+ ptr = memchr(ptr, '\t', MAX_OUTPUT_LEN - (ptr - buffer));
|
||||
if (!ptr) goto read_error;
|
||||
*ptr = '\0';
|
||||
ptr ++;
|
||||
|
||||
ptr_to_port = ptr;
|
||||
- ptr = memchr(ptr, '\t', sizeof(buffer) - (ptr - buffer));
|
||||
+ ptr = memchr(ptr, '\t', MAX_OUTPUT_LEN - (ptr - buffer));
|
||||
if (!ptr) goto read_error;
|
||||
*ptr = '\0';
|
||||
ptr ++;
|
||||
@@ -566,9 +597,12 @@ ippfind_based_uri_converter (const char *uri, int is_fax)
|
||||
output_of_fax_uri = 1; /* fax-uri requested from fax-capable device */
|
||||
|
||||
read_error:
|
||||
- continue;
|
||||
+ memset(buffer, 0, MAX_OUTPUT_LEN);
|
||||
}
|
||||
|
||||
+ if (buffer != NULL)
|
||||
+ free(buffer);
|
||||
+
|
||||
/*
|
||||
* Wait for the child processes to exit...
|
||||
*/
|
||||
@@ -615,6 +649,8 @@ ippfind_based_uri_converter (const char *uri, int is_fax)
|
||||
*/
|
||||
|
||||
error:
|
||||
+ if (resolved_uri != NULL)
|
||||
+ free(resolved_uri);
|
||||
return (NULL);
|
||||
}
|
||||
|
||||
diff --git a/cupsfilters/ipp.h b/cupsfilters/ipp.h
|
||||
index 374b890..bcf22a8 100644
|
||||
--- a/cupsfilters/ipp.h
|
||||
+++ b/cupsfilters/ipp.h
|
||||
@@ -38,6 +38,9 @@ extern "C" {
|
||||
#endif
|
||||
|
||||
#define LOGSIZE 4 * 65536
|
||||
+#define MAX_OUTPUT_LEN 8192
|
||||
+#define MAX_URI_LEN 2048
|
||||
+
|
||||
char get_printer_attributes_log[LOGSIZE];
|
||||
|
||||
const char *resolve_uri(const char *raw_uri);
|
@ -1,22 +0,0 @@
|
||||
diff --git a/utils/cups-browsed.c b/utils/cups-browsed.c
|
||||
index 8c2040b6..b0e7a803 100644
|
||||
--- a/utils/cups-browsed.c
|
||||
+++ b/utils/cups-browsed.c
|
||||
@@ -3614,7 +3614,7 @@ new_local_printer (const char *device_uri,
|
||||
{
|
||||
local_printer_t *printer = g_malloc (sizeof (local_printer_t));
|
||||
printer->device_uri = strdup (device_uri);
|
||||
- printer->uuid = (uuid ? strdup (uuid) : NULL);
|
||||
+ printer->uuid = uuid;
|
||||
printer->cups_browsed_controlled = cups_browsed_controlled;
|
||||
return printer;
|
||||
}
|
||||
@@ -3796,7 +3796,7 @@ get_printer_uuid(http_t *http_printer,
|
||||
|
||||
|
||||
if (attr)
|
||||
- uuid = ippGetString(attr, 0, NULL) + 9;
|
||||
+ uuid = strdup(ippGetString(attr, 0, NULL) + 9);
|
||||
else {
|
||||
debug_printf ("Printer with URI %s: Cannot read \"printer-uuid\" IPP attribute!\n",
|
||||
raw_uri);
|
@ -3,8 +3,8 @@
|
||||
|
||||
Summary: OpenPrinting CUPS filters and backends
|
||||
Name: cups-filters
|
||||
Version: 1.28.2
|
||||
Release: 3%{?dist}
|
||||
Version: 1.28.5
|
||||
Release: 1%{?dist}
|
||||
|
||||
# For a breakdown of the licensing, see COPYING file
|
||||
# GPLv2: filters: commandto*, imagetoraster, pdftops, rasterto*,
|
||||
@ -20,11 +20,10 @@ License: GPLv2 and GPLv2+ and GPLv3 and GPLv3+ and LGPLv2+ and MIT and BSD with
|
||||
Url: http://www.linuxfoundation.org/collaborate/workgroups/openprinting/cups-filters
|
||||
Source0: http://www.openprinting.org/download/cups-filters/cups-filters-%{version}.tar.xz
|
||||
|
||||
Patch01: cups-filters-init-buf.patch
|
||||
# backported from upstream https://github.com/OpenPrinting/cups-filters/pull/311
|
||||
Patch02: cups-filters-uuid.patch
|
||||
# backported from upstream https://github.com/OpenPrinting/cups-filters/pull/313
|
||||
Patch03: foomatic-remove-tmpfile.patch
|
||||
Patch01: foomatic-remove-tmpfile.patch
|
||||
# backported from upstream
|
||||
Patch02: 0001-libcupsfilters-Added-NULL-check-when-removing-.Borde.patch
|
||||
|
||||
Requires: cups-filters-libs%{?_isa} = %{version}-%{release}
|
||||
|
||||
@ -352,6 +351,9 @@ done
|
||||
%{_libdir}/libfontembed.so
|
||||
|
||||
%changelog
|
||||
* Mon Nov 02 2020 Zdenek Dohnal <zdohnal@redhat.com> - 1.28.5-1
|
||||
- 1.28.5, 1881365 - cups-browsed crashing
|
||||
|
||||
* Tue Sep 29 2020 Zdenek Dohnal <zdohnal@redhat.com> - 1.28.2-3
|
||||
- 1891720 - foomatic-rip files up /var/spool/tmp with temporary files
|
||||
|
||||
|
2
sources
2
sources
@ -1 +1 @@
|
||||
SHA512 (cups-filters-1.28.2.tar.xz) = aa5f075927286a8278259025aa5baf95445809a83b88e2d4654e8f0a124012591b045df115294242fae60a283d983d6cdbaafc6a51224af30a7e56b58d831da5
|
||||
SHA512 (cups-filters-1.28.5.tar.xz) = e020d0e14ad70fbac4d367b4f1d653faf5030b961c6fc4b9f9587c068ccb63c286d07ee32e04e634a877fc8ca90c6dfa4b89aa288e896eea0026e1053cd8a4ef
|
||||
|
Loading…
Reference in New Issue
Block a user