1892426 - Crash:free(): invalid pointer in cups backend
This commit is contained in:
Zdenek Dohnal
parent
c6b1d204d1
commit
738416d420
@ -0,0 +1,43 @@
|
||||
From 5313c22785446473771e07d5adb1d2f11cbcbfe7 Mon Sep 17 00:00:00 2001
|
||||
From: Zdenek Dohnal <zdohnal@redhat.com>
|
||||
Date: Mon, 9 Nov 2020 07:40:20 +0100
|
||||
Subject: [PATCH] backend,scheduler/ipp.c: Fix 'printer-alert' invalid free
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
The fix is created by Bernhard Übelacker from apple/cups #5826.
|
||||
---
|
||||
backend/ipp.c | 2 +-
|
||||
scheduler/ipp.c | 2 +-
|
||||
2 files changed, 2 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/backend/ipp.c b/backend/ipp.c
|
||||
index 35c0711c0..3e601b2ad 100644
|
||||
--- a/backend/ipp.c
|
||||
+++ b/backend/ipp.c
|
||||
@@ -3075,7 +3075,7 @@ report_printer_state(ipp_t *ipp) /* I - IPP response */
|
||||
* Report alerts and messages...
|
||||
*/
|
||||
|
||||
- if ((pa = ippFindAttribute(ipp, "printer-alert", IPP_TAG_TEXT)) != NULL)
|
||||
+ if ((pa = ippFindAttribute(ipp, "printer-alert", IPP_TAG_STRING)) != NULL)
|
||||
report_attr(pa);
|
||||
|
||||
if ((pam = ippFindAttribute(ipp, "printer-alert-message",
|
||||
diff --git a/scheduler/ipp.c b/scheduler/ipp.c
|
||||
index 0c44d7d4a..68763a0f1 100644
|
||||
--- a/scheduler/ipp.c
|
||||
+++ b/scheduler/ipp.c
|
||||
@@ -4891,7 +4891,7 @@ copy_printer_attrs(
|
||||
}
|
||||
|
||||
if (printer->alert && (!ra || cupsArrayFind(ra, "printer-alert")))
|
||||
- ippAddString(con->response, IPP_TAG_PRINTER, IPP_TAG_STRING, "printer-alert", NULL, printer->alert);
|
||||
+ ippAddOctetString(con->response, IPP_TAG_PRINTER, "printer-alert", printer->alert, (int)strlen(printer->alert));
|
||||
|
||||
if (printer->alert_description && (!ra || cupsArrayFind(ra, "printer-alert-description")))
|
||||
ippAddString(con->response, IPP_TAG_PRINTER, IPP_TAG_TEXT, "printer-alert-description", NULL, printer->alert_description);
|
||||
--
|
||||
2.26.2
|
||||
|
||||
27
cups.spec
27
cups.spec
@ -15,7 +15,7 @@ Summary: CUPS printing system
|
||||
Name: cups
|
||||
Epoch: 1
|
||||
Version: 2.3.3
|
||||
Release: 17%{?dist}
|
||||
Release: 18%{?dist}
|
||||
License: ASL 2.0
|
||||
Url: http://www.cups.org/
|
||||
Source0: https://github.com/apple/cups/releases/download/v%{VERSION}/cups-%{VERSION}-source.tar.gz
|
||||
@ -89,6 +89,12 @@ Patch21: cups-dymo-deviceid.patch
|
||||
# 1822154 - cups.service doesn't execute automatically on request
|
||||
# https://github.com/apple/cups/issues/5708
|
||||
Patch22: cups-autostart-when-enabled.patch
|
||||
|
||||
# selinux and audit enablement for CUPS - needs work and CUPS upstream wants
|
||||
# to have these features implemented their way in the future
|
||||
Patch100: cups-lspp.patch
|
||||
|
||||
#### UPSTREAM PATCHES ####
|
||||
# needed for correct color support of Canon printers, which
|
||||
# reports better options in print-color-mode-supported than
|
||||
# in pwg-raster-document-type-supported
|
||||
@ -113,12 +119,10 @@ Patch28: cups-ipptool-mdns-uri.patch
|
||||
# printing only one copy everytime
|
||||
# https://github.com/apple/cups/pull/5807
|
||||
Patch29: cups-manual-copies.patch
|
||||
|
||||
# selinux and audit enablement for CUPS - needs work and CUPS upstream wants
|
||||
# to have these features implemented their way in the future
|
||||
Patch100: cups-lspp.patch
|
||||
|
||||
#### UPSTREAM PATCHES ####
|
||||
# invalid free for printer-alert IPP attribute, because it was
|
||||
# freed as a different attribute type than it was allocated
|
||||
# backported from upstream https://github.com/OpenPrinting/cups/pull/43
|
||||
Patch30: 0001-backend-scheduler-ipp.c-Fix-printer-alert-invalid-fr.patch
|
||||
|
||||
##### Patches removed because IMHO they aren't no longer needed
|
||||
##### but still I'll leave them in git in case their removal
|
||||
@ -337,12 +341,8 @@ to CUPS daemon. This solution will substitute printer drivers and raw queues in
|
||||
%patch27 -p1 -b .webui-uri
|
||||
%patch28 -p1 -b .ipptool-mdns-uri
|
||||
%patch29 -p1 -b .manual-copies
|
||||
%patch30 -p1 -b .printer-alert
|
||||
|
||||
#### UPSTREAMED PATCHES ####
|
||||
|
||||
# removed dbus patch - seems breaking things
|
||||
# Fix implementation of com.redhat.PrinterSpooler D-Bus object.
|
||||
#%%patch6 -p1 -b .eggcups
|
||||
|
||||
# if cupsd is set to log into /var/log/cups, then 'MaxLogSize 0' needs to be
|
||||
# in cupsd.conf to disable cupsd logrotate functionality and use logrotated
|
||||
@ -767,6 +767,9 @@ rm -f %{cups_serverbin}/backend/smb
|
||||
%{_mandir}/man7/ippevepcl.7.gz
|
||||
|
||||
%changelog
|
||||
* Tue Nov 10 2020 Zdenek Dohnal <zdohnal@redhat.com> - 1:2.3.3-18
|
||||
- 1892426 - Crash:free(): invalid pointer in cups backend
|
||||
|
||||
* Thu Nov 05 2020 Zdenek Dohnal <zdohnal@redhat.com> - 1:2.3.3-17
|
||||
- make is no longer in buildroot
|
||||
|
||||
|
||||
Loading…
Reference in New Issue
Block a user