1.28.5, 1881365 - cups-browsed crashing

Zdenek Dohnal 2020-11-02 13:28:57 +01:00
parent d6cf1a69c5
commit 0a471b82f7
6 changed files with 68 additions and 215 deletions

1
.gitignore vendored

@ -100,3 +100,4 @@
/cups-filters-1.27.5.tar.xz
/cups-filters-1.28.1.tar.xz
/cups-filters-1.28.2.tar.xz
/cups-filters-1.28.5.tar.xz


@ -0,0 +1,58 @@
From 240ffb901d06a117bb8e10b486bfd3de6fe464b2 Mon Sep 17 00:00:00 2001
From: Till Kamppeter <till.kamppeter@gmail.com>
Date: Wed, 28 Oct 2020 10:44:19 +0100
Subject: [PATCH] libcupsfilters: Added NULL check when removing ".Borderless"
suffixes from page size names
---
NEWS | 2 ++
cupsfilters/ppdgenerator.c | 12 ++++++++----
2 files changed, 10 insertions(+), 4 deletions(-)
diff --git a/cupsfilters/ppdgenerator.c b/cupsfilters/ppdgenerator.c
index 9fd4fb21..7b4aa0cf 100644
--- a/cupsfilters/ppdgenerator.c
+++ b/cupsfilters/ppdgenerator.c
@@ -2224,7 +2224,8 @@ ppdCreateFromIPP2(char *buffer, /* I - Filename buffer */
if (all_borderless) {
suffix = strcasestr(ppdname, ".Borderless");
- *suffix = '\0';
+ if (suffix)
+ *suffix = '\0';
}
cupsFilePrintf(fp, "*OpenUI *PageSize/%s: PickOne\n"
@@ -2258,7 +2259,8 @@ ppdCreateFromIPP2(char *buffer, /* I - Filename buffer */
if (all_borderless) {
suffix = strcasestr(ppdsizename, ".Borderless");
- *suffix = '\0';
+ if (suffix)
+ *suffix = '\0';
}
cupsFilePrintf(fp, "*PageSize %s%s%s%s: \"<</PageSize[%s %s]>>setpagedevice\"\n",
@@ -2302,7 +2304,8 @@ ppdCreateFromIPP2(char *buffer, /* I - Filename buffer */
if (all_borderless) {
suffix = strcasestr(ppdsizename, ".Borderless");
- *suffix = '\0';
+ if (suffix)
+ *suffix = '\0';
}
cupsFilePrintf(fp, "*PageRegion %s%s%s%s: \"<</PageSize[%s %s]>>setpagedevice\"\n",
@@ -2338,7 +2341,8 @@ ppdCreateFromIPP2(char *buffer, /* I - Filename buffer */
if (all_borderless) {
suffix = strcasestr(ppdsizename, ".Borderless");
- *suffix = '\0';
+ if (suffix)
+ *suffix = '\0';
}
cupsFilePrintf(fp, "*ImageableArea %s: \"%s %s %s %s\"\n", ppdsizename,
--
2.26.2
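Review bot: The same `if (suffix) *suffix = '\0';` guard is pasted at four sites in ppdCreateFromIPP2 (the `ppdname` site before `*OpenUI *PageSize` and the three `ppdsizename` sites for `*PageSize`, `*PageRegion` and `*ImageableArea`), so any ".Borderless" stripping added later can miss the check and bring the NULL dereference back. A single static helper that takes the name and truncates it only when a match is found would keep the check in one place. `strcasestr` also returns the first case-insensitive match anywhere in the string, so a name containing ".Borderless" before its end is cut there rather than at the suffix; if these names are derived from the printer's IPP attributes, as the function name suggests, that input is not under local control. At minimum each site deserves a comment such as `/* name may lack ".Borderless" even when all_borderless is set */`. The function body starts and ends outside these hunks.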


@ -1,186 +0,0 @@
diff --git a/cupsfilters/ipp.c b/cupsfilters/ipp.c
index 21861a5..98c5ecf 100644
--- a/cupsfilters/ipp.c
+++ b/cupsfilters/ipp.c
@@ -191,7 +191,7 @@ get_printer_attributes5(http_t *http_printer,
{
const char *uri;
int have_http, uri_status, host_port, i = 0, total_attrs = 0, fallback,
- cap = 0;
+ cap = 0, uri_alloc = 0;
char scheme[10], userpass[1024], host_name[1024], resource[1024];
ipp_t *request, *response = NULL;
ipp_attribute_t *attr;
@@ -247,7 +247,18 @@ get_printer_attributes5(http_t *http_printer,
if(resolve_uri_type == CUPS_BACKEND_URI_CONVERTER)
uri = resolve_uri(raw_uri);
else
+ {
uri = ippfind_based_uri_converter(raw_uri, resolve_uri_type);
+ if (uri != NULL)
+ uri_alloc = 1;
+ }
+
+ if (uri == NULL)
+ {
+ log_printf(get_printer_attributes_log,
+ "get-printer-attibutes: Cannot resolve URI: %s\n", raw_uri);
+ return NULL;
+ }
/* Extract URI componants needed for the IPP request */
uri_status = httpSeparateURI(HTTP_URI_CODING_ALL, uri,
@@ -261,6 +272,7 @@ get_printer_attributes5(http_t *http_printer,
log_printf(get_printer_attributes_log,
"get-printer-attributes: Cannot parse the printer URI: %s\n",
uri);
+ if (uri_alloc == 1) free(uri);
return NULL;
}
@@ -273,6 +285,7 @@ get_printer_attributes5(http_t *http_printer,
log_printf(get_printer_attributes_log,
"get-printer-attributes: Cannot connect to printer with URI %s.\n",
uri);
+ if (uri_alloc == 1) free(uri);
return NULL;
}
} else
@@ -370,6 +383,7 @@ get_printer_attributes5(http_t *http_printer,
} else {
/* Suitable response, we are done */
if (have_http == 0) httpClose(http_printer);
+ if (uri_alloc == 1) free(uri);
return response;
}
} else {
@@ -398,6 +412,7 @@ get_printer_attributes5(http_t *http_printer,
}
if (have_http == 0) httpClose(http_printer);
+ if (uri_alloc == 1) free(uri);
return NULL;
}
@@ -418,7 +433,7 @@ ippfind_based_uri_converter (const char *uri, int is_fax)
char *ippfind_argv[100], /* Arguments for ippfind */
*ptr_to_port = NULL,
*reg_type,
- *resolved_uri, /* Buffer for resolved URI */
+ *resolved_uri = NULL, /* Buffer for resolved URI */
*resource_field = NULL,
*service_hostname = NULL,
/* URI components... */
@@ -426,13 +441,11 @@ ippfind_based_uri_converter (const char *uri, int is_fax)
userpass[256],
hostname[1024],
resource[1024],
- buffer[8192], /* Copy buffer */
+ *buffer = NULL, /* Copy buffer */
*ptr; /* Pointer into string */;
cups_file_t *fp; /* Post-processing input file */
int status; /* Status of GET request */
- resolved_uri = (char *)malloc(2048 * (sizeof(char)));
-
status = httpSeparateURI(HTTP_URI_CODING_ALL, uri, scheme, sizeof(scheme),
userpass, sizeof(userpass),
hostname, sizeof(hostname), &port, resource,
@@ -445,10 +458,16 @@ ippfind_based_uri_converter (const char *uri, int is_fax)
/* URI is not DNS-SD-based, so do not resolve */
if ((reg_type = strstr(hostname, "._tcp")) == NULL) {
- free(resolved_uri);
return strdup(uri);
}
+ resolved_uri = (char *)malloc(MAX_URI_LEN * (sizeof(char)));
+ if (resolved_uri == NULL) {
+ fprintf(stderr, "resolved_uri malloc: Out of memory\n");
+ goto error;
+ }
+ memset(resolved_uri, 0, MAX_URI_LEN);
+
reg_type --;
while (reg_type >= hostname && *reg_type != '.')
reg_type --;
@@ -523,26 +542,38 @@ ippfind_based_uri_converter (const char *uri, int is_fax)
fp = cupsFileStdin();
- while ((bytes = cupsFileGetLine(fp, buffer, sizeof(buffer))) > 0) {
+ buffer = (char*)malloc(MAX_OUTPUT_LEN * sizeof(char));
+ if (buffer == NULL) {
+ fprintf(stderr, "buffer malloc: Out of memory.\n");
+ goto error;
+ }
+ memset(buffer, 0, MAX_OUTPUT_LEN);
+
+ while ((bytes = cupsFileGetLine(fp, buffer, MAX_OUTPUT_LEN)) > 0) {
/* Mark all the fields of the output of ippfind */
ptr = buffer;
+
+ /* ignore new lines */
+ if (bytes < 3)
+ goto read_error;
+
/* First, build the DNS-SD-service-name-based URI ... */
while (ptr && !isalnum(*ptr & 255)) ptr ++;
service_hostname = ptr;
- ptr = memchr(ptr, '\t', sizeof(buffer) - (ptr - buffer));
+ ptr = memchr(ptr, '\t', MAX_OUTPUT_LEN - (ptr - buffer));
if (!ptr) goto read_error;
*ptr = '\0';
ptr ++;
resource_field = ptr;
- ptr = memchr(ptr, '\t', sizeof(buffer) - (ptr - buffer));
+ ptr = memchr(ptr, '\t', MAX_OUTPUT_LEN - (ptr - buffer));
if (!ptr) goto read_error;
*ptr = '\0';
ptr ++;
ptr_to_port = ptr;
- ptr = memchr(ptr, '\t', sizeof(buffer) - (ptr - buffer));
+ ptr = memchr(ptr, '\t', MAX_OUTPUT_LEN - (ptr - buffer));
if (!ptr) goto read_error;
*ptr = '\0';
ptr ++;
@@ -566,9 +597,12 @@ ippfind_based_uri_converter (const char *uri, int is_fax)
output_of_fax_uri = 1; /* fax-uri requested from fax-capable device */
read_error:
- continue;
+ memset(buffer, 0, MAX_OUTPUT_LEN);
}
+ if (buffer != NULL)
+ free(buffer);
+
/*
* Wait for the child processes to exit...
*/
@@ -615,6 +649,8 @@ ippfind_based_uri_converter (const char *uri, int is_fax)
*/
error:
+ if (resolved_uri != NULL)
+ free(resolved_uri);
return (NULL);
}
diff --git a/cupsfilters/ipp.h b/cupsfilters/ipp.h
index 374b890..bcf22a8 100644
--- a/cupsfilters/ipp.h
+++ b/cupsfilters/ipp.h
@@ -38,6 +38,9 @@ extern "C" {
#endif
#define LOGSIZE 4 * 65536
+#define MAX_OUTPUT_LEN 8192
+#define MAX_URI_LEN 2048
+
char get_printer_attributes_log[LOGSIZE];
const char *resolve_uri(const char *raw_uri);


@ -1,22 +0,0 @@
diff --git a/utils/cups-browsed.c b/utils/cups-browsed.c
index 8c2040b6..b0e7a803 100644
--- a/utils/cups-browsed.c
+++ b/utils/cups-browsed.c
@@ -3614,7 +3614,7 @@ new_local_printer (const char *device_uri,
{
local_printer_t *printer = g_malloc (sizeof (local_printer_t));
printer->device_uri = strdup (device_uri);
- printer->uuid = (uuid ? strdup (uuid) : NULL);
+ printer->uuid = uuid;
printer->cups_browsed_controlled = cups_browsed_controlled;
return printer;
}
@@ -3796,7 +3796,7 @@ get_printer_uuid(http_t *http_printer,
if (attr)
- uuid = ippGetString(attr, 0, NULL) + 9;
+ uuid = strdup(ippGetString(attr, 0, NULL) + 9);
else {
debug_printf ("Printer with URI %s: Cannot read \"printer-uuid\" IPP attribute!\n",
raw_uri);


@ -3,8 +3,8 @@
Summary: OpenPrinting CUPS filters and backends
Name: cups-filters
Version: 1.28.2
Release: 3%{?dist}
Version: 1.28.5
Release: 1%{?dist}
# For a breakdown of the licensing, see COPYING file
# GPLv2: filters: commandto*, imagetoraster, pdftops, rasterto*,
@ -20,11 +20,10 @@ License: GPLv2 and GPLv2+ and GPLv3 and GPLv3+ and LGPLv2+ and MIT and BSD with
Url: http://www.linuxfoundation.org/collaborate/workgroups/openprinting/cups-filters
Source0: http://www.openprinting.org/download/cups-filters/cups-filters-%{version}.tar.xz
Patch01: cups-filters-init-buf.patch
# backported from upstream https://github.com/OpenPrinting/cups-filters/pull/311
Patch02: cups-filters-uuid.patch
# backported from upstream https://github.com/OpenPrinting/cups-filters/pull/313
Patch03: foomatic-remove-tmpfile.patch
Patch01: foomatic-remove-tmpfile.patch
# backported from upstream
Patch02: 0001-libcupsfilters-Added-NULL-check-when-removing-.Borde.patch
Requires: cups-filters-libs%{?_isa} = %{version}-%{release}
@ -352,6 +351,9 @@ done
%{_libdir}/libfontembed.so
%changelog
* Mon Nov 02 2020 Zdenek Dohnal <zdohnal@redhat.com> - 1.28.5-1
- 1.28.5, 1881365 - cups-browsed crashing
* Tue Sep 29 2020 Zdenek Dohnal <zdohnal@redhat.com> - 1.28.2-3
- 1891720 - foomatic-rip files up /var/spool/tmp with temporary files


@ -1 +1 @@
SHA512 (cups-filters-1.28.2.tar.xz) = aa5f075927286a8278259025aa5baf95445809a83b88e2d4654e8f0a124012591b045df115294242fae60a283d983d6cdbaafc6a51224af30a7e56b58d831da5
SHA512 (cups-filters-1.28.5.tar.xz) = e020d0e14ad70fbac4d367b4f1d653faf5030b961c6fc4b9f9587c068ccb63c286d07ee32e04e634a877fc8ca90c6dfa4b89aa288e896eea0026e1053cd8a4ef