a5bf04c3a5
- Applied patch to prevent heap-based buffer overflow in CUPS helper
program (bug #436153, CVE-2008-0047, STR #2729).
15 lines
549 B
Diff
15 lines
549 B
Diff
diff -up cups-1.3.6/cgi-bin/search.c.CVE-2008-0047 cups-1.3.6/cgi-bin/search.c
|
|
--- cups-1.3.6/cgi-bin/search.c.CVE-2008-0047 2008-01-16 22:20:33.000000000 +0000
|
|
+++ cups-1.3.6/cgi-bin/search.c 2008-04-01 16:41:30.000000000 +0100
|
|
@@ -167,7 +167,9 @@ cgiCompileSearch(const char *query) /* I
|
|
* string + RE overhead...
|
|
*/
|
|
|
|
- wlen = (sptr - s) + 4 * wlen + 2 * strlen(prefix) + 4;
|
|
+ wlen = (sptr - s) + 2 * 4 * wlen + 2 * strlen(prefix) + 11;
|
|
+ if (lword)
|
|
+ wlen += strlen(lword);
|
|
|
|
if (wlen > slen)
|
|
{
|