rpms/pappl-retrofit
6
0
Fork 0
Code Issues Pull Requests Releases Activity

Fix Openscanhub issues

Browse Source 
Resolves: RHEL-71659
This commit is contained in:
Zdenek Dohnal 2025-01-29 15:13:26 +01:00
parent c4e3a1b9d2
commit 6c849a09f3
5 changed files with 216 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

30
0001-Fix-possible-unterminated-string.patch Normal file
View File

@ -0,0 +1,30 @@
From a06689c14dbff46107aa9b1933ed3d9268cfc9c9 Mon Sep 17 00:00:00 2001
From: Zdenek Dohnal <zdohnal@redhat.com>
Date: Mon, 16 Dec 2024 14:38:08 +0100
Subject: [PATCH] Fix possible unterminated string
Although we terminate buf2 in libcupsfilters and make_model can't be
1024 bytes long, using snprintf() fixes the coverity report and makes
sure the buffer is terminated.
---
pappl-retrofit/pappl-retrofit.c | 4 +---
1 file changed, 1 insertion(+), 3 deletions(-)
diff --git a/pappl-retrofit/pappl-retrofit.c b/pappl-retrofit/pappl-retrofit.c
index 7627164..b187bde 100644
--- a/pappl-retrofit/pappl-retrofit.c
+++ b/pappl-retrofit/pappl-retrofit.c
@@ -4054,9 +4054,7 @@ _prSetupDriverList(pr_printer_app_global_data_t *global_data)
// word (cleaned manufacturer name or part of it) is the
// same, we accept the data of the device ID as display
// string.
- strncpy(buf1,
- (buf2[0] ? buf2 : ppd->record.make_and_model),
- sizeof(buf1));
+ snprintf(buf1, sizeof(buf1), "%s", buf2[0] ? buf2 : ppd->record.make_and_model);
if ((ptr = strchr(buf1, ' ')) != NULL)
*ptr = '\0';
// Convert device ID to make/model string, so that we can add
--
2.48.1

107
0001-Fix-potential-memory-leaks.patch Normal file
View File

@ -0,0 +1,107 @@
From 1477124fd2b94229fb3580dd74abaecf72095a5c Mon Sep 17 00:00:00 2001
From: Zdenek Dohnal <zdohnal@redhat.com>
Date: Tue, 28 Jan 2025 16:41:28 +0100
Subject: [PATCH] Fix potential memory leaks
---
pappl-retrofit/pappl-retrofit.c | 10 +++++++---
pappl-retrofit/print-job.c | 4 ++++
pappl-retrofit/web-interface.c | 3 +++
3 files changed, 14 insertions(+), 3 deletions(-)
diff --git a/pappl-retrofit/pappl-retrofit.c b/pappl-retrofit/pappl-retrofit.c
index b187bde..98b8b56 100644
--- a/pappl-retrofit/pappl-retrofit.c
+++ b/pappl-retrofit/pappl-retrofit.c
@@ -157,7 +157,7 @@ prBestMatchingPPD(const char *device_id, // I - IEEE-1284 device ID
{
if (regcomp(re, regex, REG_ICASE | REG_EXTENDED | REG_NOSUB))
{
- regfree(re);
+ free(re);
papplLog(global_data->system, PAPPL_LOGLEVEL_ERROR,
"Invalid regular expression: %s", regex);
continue;
@@ -334,7 +334,7 @@ prRegExMatchDevIDField(const char *device_id, // I - Device ID to search in
// Compile the regular expression
if (regcomp(re, value_regex, REG_ICASE | REG_EXTENDED | REG_NOSUB))
{
- regfree(re);
+ free(re);
ret = -3;
goto out;
}
@@ -365,6 +365,7 @@ prRegExMatchDevIDField(const char *device_id, // I - Device ID to search in
}
regfree(re);
+ free(re);
}
else
ret = -5;
@@ -3930,7 +3931,7 @@ _prSetupDriverList(pr_printer_app_global_data_t *global_data)
if (regcomp(driver_re, global_data->config->driver_display_regex,
REG_ICASE | REG_EXTENDED))
{
- regfree(driver_re);
+ free(driver_re);
driver_re = NULL;
papplLog(system, PAPPL_LOGLEVEL_ERROR,
"Invalid regular expression: %s",
@@ -4230,7 +4231,10 @@ _prSetupDriverList(pr_printer_app_global_data_t *global_data)
// Free the compiled regular expression
if (driver_re)
+ {
regfree(driver_re);
+ free(driver_re);
+ }
cupsArrayDelete(ppds);
diff --git a/pappl-retrofit/print-job.c b/pappl-retrofit/print-job.c
index 1fbd16f..3138590 100644
--- a/pappl-retrofit/print-job.c
+++ b/pappl-retrofit/print-job.c
@@ -996,6 +996,7 @@ _prFilter(
{
papplLogJob(job, PAPPL_LOGLEVEL_ERROR, "Unable to open input file '%s' for printing: %s",
filename, strerror(errno));
+ _prFreeJobData(job_data);
return (false);
}
@@ -1033,6 +1034,8 @@ _prFilter(
papplLogJob(job, PAPPL_LOGLEVEL_ERROR,
"No pre-filter found for input format %s",
informat);
+ _prFreeJobData(job_data);
+ close(fd);
return (false);
}
@@ -1655,6 +1658,7 @@ _prRasterPrepareJob(
"Unable to create pipe for filtering and sending off the job");
if (strlen(job_data->stream_filter) > 1)
free(ppd_filter_params);
+ _prFreeJobData(job_data);
return (NULL);
}
diff --git a/pappl-retrofit/web-interface.c b/pappl-retrofit/web-interface.c
index 6935aa0..5afc99c 100644
--- a/pappl-retrofit/web-interface.c
+++ b/pappl-retrofit/web-interface.c
@@ -1294,6 +1294,9 @@ _prSystemWebAddPPD(
// Flush remaining data...
if (httpGetState(http) == initial_state)
httpFlush(http);
+
+ if (fp)
+ fclose(fp);
}
strbuf[0] = '\0';
--
2.48.1

41
0001-Protect-_prASCII-from-negative-lengths.patch Normal file
View File

@ -0,0 +1,41 @@
From 63b2c618cf770de3338fe94fd910656cc3c6ec38 Mon Sep 17 00:00:00 2001
From: Zdenek Dohnal <zdohnal@redhat.com>
Date: Mon, 27 Jan 2025 15:46:19 +0100
Subject: [PATCH] Protect `_prASCII()` from negative lengths
---
pappl-retrofit/cups-backends.c | 2 +-
pappl-retrofit/print-job.c | 4 ++++
2 files changed, 5 insertions(+), 1 deletion(-)
diff --git a/pappl-retrofit/cups-backends.c b/pappl-retrofit/cups-backends.c
index 5cfd78c..4639449 100644
--- a/pappl-retrofit/cups-backends.c
+++ b/pappl-retrofit/cups-backends.c
@@ -470,7 +470,7 @@ _prCUPSDevList(pappl_device_cb_t cb,
//
backends[i].bytes += bytes;
- backends[i].buf[4095] = '\0';
+ backends[i].buf[4095] = '\0';
while ((newline = strchr(backends[i].buf, '\n')) != NULL)
{
// We have read at least one line
diff --git a/pappl-retrofit/print-job.c b/pappl-retrofit/print-job.c
index 115dd4b..1fbd16f 100644
--- a/pappl-retrofit/print-job.c
+++ b/pappl-retrofit/print-job.c
@@ -55,6 +55,10 @@ _prASCII85(FILE *outputfp,
static unsigned int num_remaining = 0;
+ // Prevent possible negative lengths...
+ if (length < 0)
+ return;
+
while (num_remaining + length > 0)
{
if (num_remaining > 0 || length < 4)
--
2.48.1

25
0001-cups-backends.c-Ensure-read-string-is-NULL-terminate.patch Normal file
View File

@ -0,0 +1,25 @@
From 1780a78ed0b40b7eef769346958b1148fa598be0 Mon Sep 17 00:00:00 2001
From: Zdenek Dohnal <zdohnal@redhat.com>
Date: Mon, 16 Dec 2024 14:48:15 +0100
Subject: [PATCH] cups-backends.c: Ensure read string is NULL-terminated
We read from external program output, make sure we use NULL terminator.
---
pappl-retrofit/cups-backends.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/pappl-retrofit/cups-backends.c b/pappl-retrofit/cups-backends.c
index 9ef3f4d..5cfd78c 100644
--- a/pappl-retrofit/cups-backends.c
+++ b/pappl-retrofit/cups-backends.c
@@ -470,6 +470,7 @@ _prCUPSDevList(pappl_device_cb_t cb,
//
backends[i].bytes += bytes;
+ backends[i].buf[4095] = '\0';
while ((newline = strchr(backends[i].buf, '\n')) != NULL)
{
// We have read at least one line
--
2.48.1

14
pappl-retrofit.spec
View File

@ -11,7 +11,7 @@
Name: pappl-retrofit
Version: 1.0b2
Release: 5%{?dist}
Release: 6%{?dist}
# the CUPS exception text is the same as LLVM exception, so using that name with
# agreement from legal team
# https://lists.fedoraproject.org/archives/list/legal@lists.fedoraproject.org/message/A7GFSD6M3GYGSI32L2FC5KB22DUAEQI3/
@ -33,6 +33,15 @@ Patch002: 0001-Added-man-page-for-the-Legacy-Printer-Application.patch
Patch003: pappl-retrofit-use-after-free.patch
# https://github.com/OpenPrinting/pappl-retrofit/pull/27
Patch004: 0001-Use-PAPPL-configuration-options-from-file.patch
# https://github.com/OpenPrinting/pappl-retrofit/pull/28
# 0001-Fix-possible-unterminated-string.patch
# 0001-cups-backends.c-Ensure-read-string-is-NULL-terminate.patch
# 0001-Protect-_prASCII-from-negative-lengths.patch
# 0001-Fix-potential-memory-leaks.patch
Patch005: 0001-Fix-possible-unterminated-string.patch
Patch006: 0001-cups-backends.c-Ensure-read-string-is-NULL-terminate.patch
Patch007: 0001-Protect-_prASCII-from-negative-lengths.patch
Patch008: 0001-Fix-potential-memory-leaks.patch
# for autogen.sh - generating configure scripts
@ -181,6 +190,9 @@ make check
%{_mandir}/man1/legacy-printer-app.1.gz
%changelog
* Tue Jan 28 2025 Zdenek Dohnal <zdohnal@redhat.com> - 1.0b2-6
- Fix Openscanhub issues (Resolves: RHEL-71659)
* Wed Dec 04 2024 Zdenek Dohnal <zdohnal@redhat.com> - 1.0b2-5
- Initial commit on c10s
Resolves: RHEL-25298