cups/cups-CVE-2008-0047.patch

diff -up cups-1.3.6/cgi-bin/search.c.CVE-2008-0047 cups-1.3.6/cgi-bin/search.c
--- cups-1.3.6/cgi-bin/search.c.CVE-2008-0047	2008-01-16 22:20:33.000000000 +0000
+++ cups-1.3.6/cgi-bin/search.c	2008-04-01 16:41:30.000000000 +0100
@@ -167,7 +167,9 @@ cgiCompileSearch(const char *query)	/* I
       * string + RE overhead...
       */
 
-      wlen = (sptr - s) + 4 * wlen + 2 * strlen(prefix) + 4;
+      wlen = (sptr - s) + 2 * 4 * wlen + 2 * strlen(prefix) + 11;
+      if (lword)
+        wlen += strlen(lword);
 
       if (wlen > slen)
       {
- Applied patch to fix CVE-2008-1373 (GIF overflow, bug #438303). - Applied patch to prevent heap-based buffer overflow in CUPS helper program (bug #436153, CVE-2008-0047, STR #2729). 2008-04-01 15:48:12 +00:00			`diff -up cups-1.3.6/cgi-bin/search.c.CVE-2008-0047 cups-1.3.6/cgi-bin/search.c`
			`--- cups-1.3.6/cgi-bin/search.c.CVE-2008-0047 2008-01-16 22:20:33.000000000 +0000`
			`+++ cups-1.3.6/cgi-bin/search.c 2008-04-01 16:41:30.000000000 +0100`
			`@@ -167,7 +167,9 @@ cgiCompileSearch(const char query) / I`
			`* string + RE overhead...`
			`*/`

			`- wlen = (sptr - s) + 4 * wlen + 2 * strlen(prefix) + 4;`
			`+ wlen = (sptr - s) + 2 * 4 * wlen + 2 * strlen(prefix) + 11;`
			`+ if (lword)`
			`+ wlen += strlen(lword);`

			`if (wlen > slen)`
			`{`