ghostscript/ghostscript-CVE-2009-4270.patch
Tim Waugh 30670513ba - Fix debugging output from gdevcups (CVE-2009-4270, bug #540760).
- Harden ghostscript's debugging output functions (bug #540760).
2009-12-24 11:31:50 +00:00

18 lines
742 B
Diff

diff -up ghostscript-8.70/cups/gdevcups.c.gdevcups-debug ghostscript-8.70/cups/gdevcups.c
--- ghostscript-8.70/cups/gdevcups.c.gdevcups-debug 2009-05-20 23:30:48.000000000 +0100
+++ ghostscript-8.70/cups/gdevcups.c 2009-11-24 17:16:11.929250977 +0000
@@ -2816,11 +2816,11 @@ cups_put_params(gx_device *pdev, /*
} \
else if (code == 0) \
{ \
- dprintf2("DEBUG: Setting %s to \"%s\"...\n", sname, \
- (char *)stringval.data); \
strncpy(cups->header.name, (const char *)stringval.data, \
stringval.size); \
cups->header.name[stringval.size] = '\0'; \
+ dprintf2("DEBUG: Setting %s to \"%s\"...\n", sname, \
+ cups->header.name); \
}
#define intoption(name, sname, type) \