RHEL-71942 Fix several important issues reported by OSH

Resolves: RHEL-71942
2025-02-05 16:38:14 +01:00 · 2025-02-05 16:38:14 +01:00 · 451fb06ea7
commit 451fb06ea7
parent 6c38be0e74
2 changed files with 152 additions and 1 deletions
--- a/0001-Fix-issues-reported-by-OSH.patch
+++ b/0001-Fix-issues-reported-by-OSH.patch
@ -0,0 +1,146 @@
+diff --git a/ppd/debug.c b/ppd/debug.c
+index 4120f59..148ee5f 100644
+--- a/ppd/debug.c
+++ b/ppd/debug.c
+@@ -257,7 +257,7 @@ _ppd_debug_set(const char *logfile,	// I - Log file or NULL
+     {
+       char	buffer[1024];		// Filename buffer
+ 
+-      snprintf(buffer, sizeof(buffer), logfile, getpid());
+      snprintf(buffer, sizeof(buffer), "%s-%d", logfile, (int)getpid());
+ 
+       if (buffer[0] == '+')
+ 	_ppd_debug_fd = open(buffer + 1, O_WRONLY | O_APPEND | O_CREAT, 0644);
+diff --git a/ppd/imagetops-pstops.c b/ppd/imagetops-pstops.c
+index aae9e08..262fae8 100644
+--- a/ppd/imagetops-pstops.c
+++ b/ppd/imagetops-pstops.c
+@@ -1177,6 +1177,9 @@ ppdFilterImageToPS(int inputfd,			// I - File descriptor input
+     if (log) log(ld, CF_LOGLEVEL_ERROR,
+ 		 "ppdFilterImageToPS: The print file could not be opened - %s",
+ 		 strerror(errno));
+    cfImageClose(img);
+    fclose(doc.outputfp);
+    close(outputfd);
+     return (1);
+   }
+ 
+@@ -1588,6 +1591,8 @@ ppdFilterImageToPS(int inputfd,			// I - File descriptor input
+     log(ld, CF_LOGLEVEL_ERROR,
+ 	"ppdFilterImageToPS: Could not allocate memory.");
+     cfImageClose(img);
+    fclose(doc.outputfp);
+    close(outputfd);
+     return (2);
+   }
+ 
+diff --git a/ppd/ppd-cache.c b/ppd/ppd-cache.c
+index 7e4ac41..9560246 100644
+--- a/ppd/ppd-cache.c
+++ b/ppd/ppd-cache.c
+@@ -730,7 +730,7 @@ ppdCacheCreateWithFile(
+ 
+       cupsArrayAdd(pc->prefilters, value);
+     }
+-    else if (!_ppd_strcasecmp(line, "Product"))
+    else if (!pc->product && !_ppd_strcasecmp(line, "Product"))
+     {
+       pc->product = strdup(value);
+     }
+diff --git a/ppd/ppd-collection.cxx b/ppd/ppd-collection.cxx
+index 27a0b01..8fba89f 100644
+--- a/ppd/ppd-collection.cxx
+++ b/ppd/ppd-collection.cxx
+@@ -66,7 +66,7 @@ typedef union				// **** TAR record format ****
+ 		chksum[8],		// Octal checksum value
+ 		linkflag,		// File type
+ 		linkname[100],		// Source path for link
+-		magic[6],		// Magic string
+		magic[8],		// Magic string
+ 		version[2],		// Format version
+ 		uname[32],		// User name
+ 		gname[32],		// Group name
+@@ -231,6 +231,7 @@ ppdCollectionListPPDs(
+   ppdlist.PPDsByMakeModel = cupsArrayNew((cups_array_func_t)compare_ppds,
+ 					  NULL);
+   ppdlist.ChangedPPD      = 0;
+  ppdlist.Inodes          = NULL;
+ 
+ 
+   //
+@@ -846,9 +847,9 @@ ppdCollectionDumpCache(const char *filename,	// I - Filename
+   for (ppd = (ppd_info_t *)cupsArrayFirst(ppdlist.PPDsByName);
+        ppd;
+        ppd = (ppd_info_t *)cupsArrayNext(ppdlist.PPDsByName))
+-    printf("%d,%ld,%d,%d,\"%s\",\"%s\",\"%s\",\"%s\",\"%s\",\"%s\",\"%s\","
+    printf("%jd,%ld,%d,%d,\"%s\",\"%s\",\"%s\",\"%s\",\"%s\",\"%s\",\"%s\","
+            "\"%s\",\"%s\"\n",
+-           (int)ppd->record.mtime, (long)ppd->record.size,
+           (intmax_t)ppd->record.mtime, (long)ppd->record.size,
+ 	   ppd->record.model_number, ppd->record.type, ppd->record.filename,
+ 	   ppd->record.name, ppd->record.languages[0], ppd->record.products[0],
+ 	   ppd->record.psversions[0], ppd->record.make,
+@@ -1272,11 +1273,14 @@ free_ppdlist(ppd_list_t *ppdlist)	// I - PPD list to free
+   ppd_info_t	*ppd;			// Pointer to PPD info
+ 
+ 
+-  for (dinfoptr = (struct stat *)cupsArrayFirst(ppdlist->Inodes);
+-       dinfoptr;
+-       dinfoptr = (struct stat *)cupsArrayNext(ppdlist->Inodes))
+-    free(dinfoptr);
+-  cupsArrayDelete(ppdlist->Inodes);
+  if (ppdlist->Inodes)
+  {
+    for (dinfoptr = (struct stat *)cupsArrayFirst(ppdlist->Inodes);
+         dinfoptr;
+         dinfoptr = (struct stat *)cupsArrayNext(ppdlist->Inodes))
+      free(dinfoptr);
+    cupsArrayDelete(ppdlist->Inodes);
+  }
+ 
+   for (ppd = (ppd_info_t *)cupsArrayFirst(ppdlist->PPDsByName);
+        ppd;
+diff --git a/ppd/ppd-ipp.c b/ppd/ppd-ipp.c
+index e698bd6..3f6b453 100644
+--- a/ppd/ppd-ipp.c
+++ b/ppd/ppd-ipp.c
+@@ -1312,7 +1312,8 @@ ppdLoadAttributes(
+        (ppd_option = ppdFindOption(ppd, "print-rendering-intent")) != NULL) &&
+       ppd_option->num_choices > 0)
+   {
+-    for (i = 0; i < ppd_option->num_choices && i < sizeof(items); i ++)
+    num_items = sizeof(items)/sizeof(char*);
+    for (i = 0; i < ppd_option->num_choices && i < num_items; i ++)
+       items[i] = ppd_option->choices[i].choice;
+     ippAddStrings(attrs, IPP_TAG_PRINTER, IPP_TAG_KEYWORD,
+ 		  "print-rendering-intent-supported", i, NULL, items);
+diff --git a/ppd/ppd-test.c b/ppd/ppd-test.c
+index 45d662c..71fcbfe 100644
+--- a/ppd/ppd-test.c
+++ b/ppd/ppd-test.c
+@@ -3058,7 +3058,7 @@ check_filters(ppd_file_t *ppd,       // I - PPD file
+     type[256],           // Type for filter
+     dstsuper[16],        // Destination super-type for filter
+     dsttype[256],        // Destination type for filter
+-    program[128],        // Program/filter name
+    program[1024],        // Program/filter name
+     pathprog[1024];      // Complete path to program/filter
+   int cost;              // Cost of filter
+   const char *prefix;    // WARN/FAIL prefix
+diff --git a/ppd/rastertops.c b/ppd/rastertops.c
+index bd41653..908cd2b 100644
+--- a/ppd/rastertops.c
+++ b/ppd/rastertops.c
+@@ -523,7 +523,12 @@ ppdFilterRasterToPS(int inputfd,         // I - File descriptor input stream
+   {
+     if (log) log(ld, CF_LOGLEVEL_DEBUG,
+ 		 "ppdFilterRasterToPS: Input is empty, outputting empty file.");
+
+     cupsRasterClose(ras);
+    cupsFileClose(inputfp);
+    fclose(outputfp);
+    close(outputfd);
+
+     return (0);
+   }
+ 
--- a/libppd.spec
+++ b/libppd.spec
@ -6,7 +6,7 @@
 Name:           libppd
 Epoch:          1
 Version:        2.0.0
-Release:        9%{?dist}
+Release:        10%{?dist}
 Summary:        Library for retro-fitting legacy printer drivers

 # the CUPS exception text is the same as LLVM exception, so using that name with
@ -28,6 +28,8 @@ Patch001: libppd-check-required-attrs.patch
 Patch002: libppd-fix-delta-for-sizes.patch
 # RHEL-60335 CVE-2024-47175 libppd: remote command injection via attacker controlled data in PPD file
 Patch003: 0001-prevent-ppd-generation-based-on-invalid-ipp-response.patch
+# RHEL-71942 Fix several important issues reported by OSH
+Patch004: 0001-Fix-issues-reported-by-OSH.patch


 # for autogen.sh
@ -200,6 +202,9 @@ rm -rf %{buildroot}%{_datadir}/ppdc
 %endif

 %changelog
+* Wed Feb 05 2025 Zdenek Dohnal <zdohnal@redhat.com> - 1:2.0.0-10
+- RHEL-71942 Fix several important issues reported by OSH
+
 * Thu Nov 21 2024 Zdenek Dohnal <zdohnal@redhat.com> - 1:2.0.0-9
 - RHEL-60335 CVE-2024-47175 libppd: remote command injection via attacker controlled data in PPD file