You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
679 lines
23 KiB
679 lines
23 KiB
diff --git a/backend/beh.c b/backend/beh.c
|
|
index 9ba6613..7514e33 100644
|
|
--- a/backend/beh.c
|
|
+++ b/backend/beh.c
|
|
@@ -223,6 +223,8 @@ call_backend(char *uri, /* I - URI of final destination */
|
|
*/
|
|
|
|
strncpy(scheme, uri, sizeof(scheme));
|
|
+ if (strlen(uri) > 1023)
|
|
+ scheme[1023] = '\0';
|
|
if ((ptr = strchr(scheme, ':')) != NULL)
|
|
*ptr = '\0';
|
|
|
|
diff --git a/backend/implicitclass.c b/backend/implicitclass.c
|
|
index 3ce4d10..1593191 100644
|
|
--- a/backend/implicitclass.c
|
|
+++ b/backend/implicitclass.c
|
|
@@ -104,6 +104,8 @@ main(int argc, /* I - Number of command-line args */
|
|
}
|
|
ptr1 ++;
|
|
strncpy(queue_name, ptr1, sizeof(queue_name));
|
|
+ if (strlen(ptr1) > 1023)
|
|
+ queue_name[1023] = '\0';
|
|
httpAssembleURIf(HTTP_URI_CODING_ALL, uri, sizeof(uri), "ipp", NULL,
|
|
"localhost", ippPort(), "/printers/%s", queue_name);
|
|
job_id = argv[1];
|
|
@@ -162,6 +164,8 @@ main(int argc, /* I - Number of command-line args */
|
|
/* Read destination host name (or message) and check whether it is
|
|
complete (second double quote) */
|
|
strncpy(dest_host, ptr1, sizeof(dest_host));
|
|
+ if (strlen(ptr1) > 1023)
|
|
+ dest_host[1023] = '\0';
|
|
ptr1 = dest_host;
|
|
if ((ptr2 = strchr(ptr1, '"')) != NULL) {
|
|
*ptr2 = '\0';
|
|
diff --git a/cupsfilters/colormanager.c b/cupsfilters/colormanager.c
|
|
index 70074a3..a4a929d 100644
|
|
--- a/cupsfilters/colormanager.c
|
|
+++ b/cupsfilters/colormanager.c
|
|
@@ -272,6 +272,9 @@ _get_colord_profile(const char *printer_name, /* Dest name */
|
|
free(qualifier);
|
|
}
|
|
|
|
+ if (icc_profile != NULL)
|
|
+ free(icc_profile);
|
|
+
|
|
return is_profile_set;
|
|
|
|
}
|
|
@@ -325,8 +328,11 @@ _get_ppd_icc_fallback (ppd_file_t *ppd, char **qualifier)
|
|
if (attr->value[0] != '/')
|
|
snprintf(full_path, sizeof(full_path),
|
|
"%s/profiles/%s", CUPSDATA, attr->value);
|
|
- else
|
|
+ else {
|
|
strncpy(full_path, attr->value, sizeof(full_path));
|
|
+ if (strlen(attr->value) > 1023)
|
|
+ full_path[1023] = '\0';
|
|
+ }
|
|
|
|
/* check the file exists */
|
|
if (access(full_path, 0)) {
|
|
diff --git a/cupsfilters/image-sgilib.c b/cupsfilters/image-sgilib.c
|
|
index 0b70c13..bf2dd80 100644
|
|
--- a/cupsfilters/image-sgilib.c
|
|
+++ b/cupsfilters/image-sgilib.c
|
|
@@ -282,7 +282,7 @@ sgiOpenFile(FILE *file, /* I - File to open */
|
|
sgip->mode = SGI_WRITE;
|
|
|
|
putshort(SGI_MAGIC, sgip->file);
|
|
- putc((sgip->comp = comp) != 0, sgip->file);
|
|
+ putc(((sgip->comp = comp) != 0) ? '1': '0', sgip->file);
|
|
putc(sgip->bpp = bpp, sgip->file);
|
|
putshort(3, sgip->file); /* Dimensions */
|
|
putshort(sgip->xsize = xsize, sgip->file);
|
|
diff --git a/cupsfilters/image-sun.c b/cupsfilters/image-sun.c
|
|
index 609b194..989d039 100644
|
|
--- a/cupsfilters/image-sun.c
|
|
+++ b/cupsfilters/image-sun.c
|
|
@@ -114,6 +114,7 @@ _cupsImageReadSunRaster(
|
|
ras_depth == 0 || ras_depth > 32)
|
|
{
|
|
fputs("DEBUG: Raster image cannot be loaded!\n", stderr);
|
|
+ fclose(fp);
|
|
return (1);
|
|
}
|
|
|
|
diff --git a/cupsfilters/ppdgenerator.c b/cupsfilters/ppdgenerator.c
|
|
index 052e3c5..3bc4d8a 100644
|
|
--- a/cupsfilters/ppdgenerator.c
|
|
+++ b/cupsfilters/ppdgenerator.c
|
|
@@ -937,6 +937,10 @@ load_opt_strings_catalog(const char *location, cups_array_t *options)
|
|
}
|
|
}
|
|
cupsFileClose(fp);
|
|
+ if (choice_name != NULL)
|
|
+ free(choice_name);
|
|
+ if (opt_name != NULL)
|
|
+ free(opt_name);
|
|
if (filename == tmpfile)
|
|
unlink(filename);
|
|
}
|
|
diff --git a/cupsfilters/raster.c b/cupsfilters/raster.c
|
|
index 8203690..67d6b9b 100644
|
|
--- a/cupsfilters/raster.c
|
|
+++ b/cupsfilters/raster.c
|
|
@@ -151,11 +151,14 @@ cupsRasterParseIPPOptions(cups_page_header2_t *h, /* I - Raster header */
|
|
strcasestr(s, "right") ||
|
|
strcasestr(s, "side") ||
|
|
strcasestr(s, "main"))
|
|
- media_source = strdup(s);
|
|
+ {
|
|
+ if (media_source == NULL)
|
|
+ media_source = strdup(s);
|
|
+ }
|
|
else
|
|
media_type = strdup(s);
|
|
}
|
|
- if (size_found)
|
|
+ if (page_size == NULL && size_found)
|
|
page_size = strdup(size_found->pwg);
|
|
}
|
|
}
|
|
@@ -1079,6 +1082,13 @@ cupsRasterParseIPPOptions(cups_page_header2_t *h, /* I - Raster header */
|
|
h->cupsRenderingIntent[0] = '\0';
|
|
#endif /* HAVE_CUPS_1_7 */
|
|
|
|
+ if (media_source != NULL)
|
|
+ free(media_source);
|
|
+ if (media_type != NULL)
|
|
+ free(media_type);
|
|
+ if (page_size != NULL)
|
|
+ free(page_size);
|
|
+
|
|
return (0);
|
|
}
|
|
|
|
diff --git a/filter/bannertopdf.c b/filter/bannertopdf.c
|
|
index b78ea37..2b9bd76 100644
|
|
--- a/filter/bannertopdf.c
|
|
+++ b/filter/bannertopdf.c
|
|
@@ -513,6 +513,15 @@ static int generate_banner_pdf(banner_t *banner,
|
|
pdf_duplicate_page(doc, 1, copies);
|
|
|
|
pdf_write(doc, stdout);
|
|
+
|
|
+ opt_t * opt_current = known_opts;
|
|
+ opt_t * opt_next = NULL;
|
|
+ while (opt_current != NULL)
|
|
+ {
|
|
+ opt_next = opt_current->next;
|
|
+ free(opt_current);
|
|
+ opt_current = opt_next;
|
|
+ }
|
|
free(buf);
|
|
pdf_free(doc);
|
|
return 0;
|
|
diff --git a/filter/foomatic-rip/foomaticrip.c b/filter/foomatic-rip/foomaticrip.c
|
|
index 2a642ed..13d2035 100644
|
|
--- a/filter/foomatic-rip/foomaticrip.c
|
|
+++ b/filter/foomatic-rip/foomaticrip.c
|
|
@@ -666,6 +666,11 @@ int print_file(const char *filename, int convert)
|
|
ret = print_file("<STDIN>", 0);
|
|
|
|
wait_for_process(renderer_pid);
|
|
+ if (in != NULL)
|
|
+ fclose(in);
|
|
+ if (out != NULL)
|
|
+ fclose(out);
|
|
+
|
|
return ret;
|
|
}
|
|
|
|
@@ -683,6 +688,8 @@ int print_file(const char *filename, int convert)
|
|
|
|
case UNKNOWN_FILE:
|
|
_log("Cannot process \"%s\": Unknown filetype.\n", filename);
|
|
+ if (file != NULL)
|
|
+ fclose(file);
|
|
return 0;
|
|
}
|
|
|
|
@@ -811,10 +818,14 @@ int main(int argc, char** argv)
|
|
|
|
if (getenv("PPD")) {
|
|
strncpy(job->ppdfile, getenv("PPD"), 2048);
|
|
+ if (strlen(getenv("PPD")) > 2047)
|
|
+ job->ppdfile[2047] = '\0';
|
|
spooler = SPOOLER_CUPS;
|
|
- if (getenv("CUPS_SERVERBIN"))
|
|
- strncpy(cupsfilterpath, getenv("CUPS_SERVERBIN"),
|
|
- sizeof(cupsfilterpath));
|
|
+ if (getenv("CUPS_SERVERBIN")) {
|
|
+ strncpy(cupsfilterpath, getenv("CUPS_SERVERBIN"), sizeof(cupsfilterpath));
|
|
+ if (strlen(getenv("CUPS_SERVERBIN")) > PATH_MAX-1)
|
|
+ cupsfilterpath[PATH_MAX-1] = '\0';
|
|
+ }
|
|
}
|
|
|
|
/* Check status of printer color management from the color manager */
|
|
@@ -834,10 +845,14 @@ int main(int argc, char** argv)
|
|
allow duplicates, and use the last specified one */
|
|
while ((str = arglist_get_value(arglist, "-p"))) {
|
|
strncpy(job->ppdfile, str, 2048);
|
|
+ if (strlen(str) > 2047)
|
|
+ job->ppdfile[2047] = '\0';
|
|
arglist_remove(arglist, "-p");
|
|
}
|
|
while ((str = arglist_get_value(arglist, "--ppd"))) {
|
|
strncpy(job->ppdfile, str, 2048);
|
|
+ if (strlen(str) > 2047)
|
|
+ job->ppdfile[2047] = '\0';
|
|
arglist_remove(arglist, "--ppd");
|
|
}
|
|
|
|
@@ -1020,6 +1035,7 @@ int main(int argc, char** argv)
|
|
cmd[0] = '\0';
|
|
|
|
snprintf(gstoraster, sizeof(gstoraster), "gs -dQUIET -dDEBUG -dPARANOIDSAFER -dNOPAUSE -dBATCH -dNOINTERPOLATE -dNOMEDIAATTRS -sDEVICE=cups -dShowAcroForm %s -sOutputFile=- -", cmd);
|
|
+ free(icc_profile);
|
|
}
|
|
|
|
/* build Ghostscript/CUPS driver command line */
|
|
diff --git a/filter/foomatic-rip/options.c b/filter/foomatic-rip/options.c
|
|
index 325a0a6..798ddf9 100644
|
|
--- a/filter/foomatic-rip/options.c
|
|
+++ b/filter/foomatic-rip/options.c
|
|
@@ -1031,12 +1031,10 @@ int option_set_value(option_t *opt, int optionset, const char *value)
|
|
/* TODO only set the changed option, not all of them */
|
|
choice = option_find_choice(fromopt,
|
|
option_get_value(fromopt, optionset));
|
|
-
|
|
composite_set_values(fromopt, optionset, choice->command);
|
|
- }
|
|
- else {
|
|
+ free(newvalue);
|
|
+ } else
|
|
val->value = newvalue;
|
|
- }
|
|
|
|
if (option_is_composite(opt)) {
|
|
/* set dependent values */
|
|
@@ -1914,6 +1912,8 @@ int ppd_supports_pdf()
|
|
if (startswith(cmd, "gs"))
|
|
{
|
|
strncpy(cmd_pdf, cmd, 4096);
|
|
+ if (strlen(cmd) > 4095)
|
|
+ cmd_pdf[4095] = '\0';
|
|
return 1;
|
|
}
|
|
|
|
diff --git a/filter/foomatic-rip/spooler.c b/filter/foomatic-rip/spooler.c
|
|
index 236551f..4f27563 100644
|
|
--- a/filter/foomatic-rip/spooler.c
|
|
+++ b/filter/foomatic-rip/spooler.c
|
|
@@ -94,6 +94,8 @@ void init_cups(list_t *arglist, dstr_t *filelist, jobparams_t *job)
|
|
CUPS puts the print queue name into the PRINTER environment variable
|
|
when calling filters. */
|
|
strncpy(job->printer, getenv("PRINTER"), 256);
|
|
+ if (strlen(getenv("PRINTER")) > 255)
|
|
+ job->printer[255] = '\0';
|
|
|
|
free(cups_options);
|
|
}
|
|
diff --git a/filter/pdftops.c b/filter/pdftops.c
|
|
index 55d2ec1..a648444 100644
|
|
--- a/filter/pdftops.c
|
|
+++ b/filter/pdftops.c
|
|
@@ -427,6 +427,8 @@ main(int argc, /* I - Number of command-line args */
|
|
if ((val = cupsGetOption("make-and-model", num_options, options)) != NULL)
|
|
{
|
|
strncpy(make_model, val, sizeof(make_model));
|
|
+ if (strlen(val) > 127)
|
|
+ make_model[127] = '\0';
|
|
for (ptr = make_model; *ptr; ptr ++)
|
|
if (*ptr == '-') *ptr = ' ';
|
|
}
|
|
diff --git a/filter/pdftoraster.cxx b/filter/pdftoraster.cxx
|
|
index 4cd656a..0c63ab8 100644
|
|
--- a/filter/pdftoraster.cxx
|
|
+++ b/filter/pdftoraster.cxx
|
|
@@ -558,8 +558,10 @@ static void parseOpts(int argc, char **argv)
|
|
if (!cm_disabled)
|
|
cmGetPrinterIccProfile(getenv("PRINTER"), &profile, ppd);
|
|
|
|
- if (profile != NULL)
|
|
- colorProfile = cmsOpenProfileFromFile(profile,"r");
|
|
+ if (profile != NULL) {
|
|
+ colorProfile = cmsOpenProfileFromFile(profile,"r");
|
|
+ free(profile);
|
|
+ }
|
|
|
|
#ifdef HAVE_CUPS_1_7
|
|
if ((attr = ppdFindAttr(ppd,"PWGRaster",0)) != 0 &&
|
|
diff --git a/filter/rastertoescpx.c b/filter/rastertoescpx.c
|
|
index 5a3e5df..a0ec416 100644
|
|
--- a/filter/rastertoescpx.c
|
|
+++ b/filter/rastertoescpx.c
|
|
@@ -1141,7 +1141,10 @@ EndPage(ppd_file_t *ppd, /* I - PPD file */
|
|
}
|
|
}
|
|
else
|
|
+ {
|
|
free(DotBuffers[0]);
|
|
+ DotBuffers[0] = NULL;
|
|
+ }
|
|
|
|
/*
|
|
* Output a page eject sequence...
|
|
@@ -1440,7 +1443,7 @@ CompressData(ppd_file_t *ppd, /* I - PPD file information */
|
|
|
|
printf("\033i");
|
|
putchar(ctable[PrinterPlanes - 1][plane]);
|
|
- putchar(type != 0);
|
|
+ putchar((type != 0) ? '1': '0');
|
|
putchar(BitPlanes);
|
|
putchar(bytes & 255);
|
|
putchar(bytes >> 8);
|
|
@@ -1470,7 +1473,7 @@ CompressData(ppd_file_t *ppd, /* I - PPD file information */
|
|
bytes *= 8;
|
|
|
|
printf("\033.");
|
|
- putchar(type != 0);
|
|
+ putchar((type != 0) ? '1': '0');
|
|
putchar(ystep);
|
|
putchar(xstep);
|
|
putchar(rows);
|
|
@@ -1907,6 +1910,10 @@ main(int argc, /* I - Number of command-line arguments */
|
|
if (fd != 0)
|
|
close(fd);
|
|
|
|
+ for (int i = 0; i < 7; i++)
|
|
+ if (DotBuffers[i] != NULL)
|
|
+ free(DotBuffers[i]);
|
|
+
|
|
return (page == 0);
|
|
}
|
|
|
|
diff --git a/filter/rastertops.c b/filter/rastertops.c
|
|
index d5d955b..531eb70 100644
|
|
--- a/filter/rastertops.c
|
|
+++ b/filter/rastertops.c
|
|
@@ -282,6 +282,8 @@ write_flate(cups_raster_t *ras, /* I - Image data */
|
|
if (fwrite(out, 1, have, stdout) != have)
|
|
{
|
|
(void)deflateEnd(&strm);
|
|
+ if (convertedpix != NULL)
|
|
+ free(convertedpix);
|
|
return Z_ERRNO;
|
|
}
|
|
} while (strm.avail_out == 0);
|
|
diff --git a/filter/sys5ippprinter.c b/filter/sys5ippprinter.c
|
|
index ad75551..9a92c8e 100644
|
|
--- a/filter/sys5ippprinter.c
|
|
+++ b/filter/sys5ippprinter.c
|
|
@@ -570,6 +570,8 @@ exec_filter(const char *filter, /* I - Filter to execute */
|
|
dup2(fd, 2);
|
|
close(fd);
|
|
}
|
|
+ else
|
|
+ close(fd);
|
|
fcntl(2, F_SETFL, O_NDELAY);
|
|
}
|
|
|
|
@@ -578,6 +580,8 @@ exec_filter(const char *filter, /* I - Filter to execute */
|
|
dup2(fd, 3);
|
|
close(fd);
|
|
}
|
|
+ else
|
|
+ close(fd);
|
|
fcntl(3, F_SETFL, O_NDELAY);
|
|
|
|
if ((fd = open("/dev/null", O_RDWR)) > 4)
|
|
@@ -585,6 +589,8 @@ exec_filter(const char *filter, /* I - Filter to execute */
|
|
dup2(fd, 4);
|
|
close(fd);
|
|
}
|
|
+ else
|
|
+ close(fd);
|
|
fcntl(4, F_SETFL, O_NDELAY);
|
|
|
|
/*
|
|
@@ -654,8 +660,11 @@ exec_filters(cups_array_t *filters, /* I - Array of filters to run */
|
|
{
|
|
next = (char *)cupsArrayNext(filters);
|
|
|
|
- if (filter[0] == '/')
|
|
+ if (filter[0] == '/') {
|
|
strncpy(program, filter, sizeof(program));
|
|
+ if (strlen(filter) > 1023)
|
|
+ program[1023] = '\0';
|
|
+ }
|
|
else
|
|
{
|
|
if ((cups_serverbin = getenv("CUPS_SERVERBIN")) == NULL)
|
|
diff --git a/utils/cups-browsed.c b/utils/cups-browsed.c
|
|
index a2a4a08..19a2ac8 100644
|
|
--- a/utils/cups-browsed.c
|
|
+++ b/utils/cups-browsed.c
|
|
@@ -2245,7 +2245,10 @@ is_disabled(const char *printer, const char *reason) {
|
|
pstate = (ipp_pstate_t)ippGetInteger(attr, 0);
|
|
else if (!strcmp(ippGetName(attr), "printer-state-message") &&
|
|
ippGetValueTag(attr) == IPP_TAG_TEXT) {
|
|
- free(pstatemsg);
|
|
+ if (pstatemsg != NULL) {
|
|
+ free(pstatemsg);
|
|
+ pstatemsg = NULL;
|
|
+ }
|
|
p = ippGetString(attr, 0, NULL);
|
|
if (p != NULL) pstatemsg = strdup(p);
|
|
}
|
|
@@ -2262,16 +2265,22 @@ is_disabled(const char *printer, const char *reason) {
|
|
case IPP_PRINTER_IDLE:
|
|
case IPP_PRINTER_PROCESSING:
|
|
ippDelete(response);
|
|
- free(pstatemsg);
|
|
+ if (pstatemsg != NULL) {
|
|
+ free(pstatemsg);
|
|
+ pstatemsg = NULL;
|
|
+ }
|
|
return NULL;
|
|
case IPP_PRINTER_STOPPED:
|
|
ippDelete(response);
|
|
if (reason == NULL)
|
|
return pstatemsg;
|
|
- else if (strcasestr(pstatemsg, reason) != NULL)
|
|
+ else if (pstatemsg != NULL && (strcasestr(pstatemsg, reason) != NULL))
|
|
return pstatemsg;
|
|
else {
|
|
- free(pstatemsg);
|
|
+ if (pstatemsg != NULL) {
|
|
+ free(pstatemsg);
|
|
+ pstatemsg = NULL;
|
|
+ }
|
|
return NULL;
|
|
}
|
|
}
|
|
@@ -2280,12 +2289,18 @@ is_disabled(const char *printer, const char *reason) {
|
|
debug_printf("No information regarding enabled/disabled found about the requested printer '%s'\n",
|
|
printer);
|
|
ippDelete(response);
|
|
- free(pstatemsg);
|
|
+ if (pstatemsg != NULL) {
|
|
+ free(pstatemsg);
|
|
+ pstatemsg = NULL;
|
|
+ }
|
|
return NULL;
|
|
}
|
|
debug_printf("ERROR: Request for printer info failed: %s\n",
|
|
cupsLastErrorString());
|
|
- free(pstatemsg);
|
|
+ if (pstatemsg != NULL) {
|
|
+ free(pstatemsg);
|
|
+ pstatemsg = NULL;
|
|
+ }
|
|
return NULL;
|
|
}
|
|
|
|
@@ -3040,6 +3055,8 @@ on_printer_state_changed (CupsNotifier *object,
|
|
dest_host = p->ip ? p->ip : p->host;
|
|
dest_port = p->port;
|
|
strncpy(dest_name, remote_cups_queue, sizeof(dest_name));
|
|
+ if (strlen(remote_cups_queue) > 1023)
|
|
+ dest_name[1023] = '\0';
|
|
dest_index = i;
|
|
debug_printf("Printer %s on host %s, port %d is idle, take this as destination and stop searching.\n",
|
|
remote_cups_queue, p->host, p->port);
|
|
@@ -3056,8 +3073,9 @@ on_printer_state_changed (CupsNotifier *object,
|
|
min_jobs = num_jobs;
|
|
dest_host = p->ip ? p->ip : p->host;
|
|
dest_port = p->port;
|
|
- strncpy(dest_name, remote_cups_queue,
|
|
- sizeof(dest_name));
|
|
+ strncpy(dest_name, remote_cups_queue, sizeof(dest_name));
|
|
+ if (strlen(remote_cups_queue) > 1023)
|
|
+ dest_name[1023] = '\0';
|
|
dest_index = i;
|
|
}
|
|
debug_printf("Printer %s on host %s, port %d is printing and it has %d jobs.\n",
|
|
@@ -3566,8 +3584,9 @@ create_remote_printer_entry (const char *queue_name,
|
|
IPP_TAG_KEYWORD)) != NULL) {
|
|
debug_printf(" Attr: %s\n", ippGetName(attr));
|
|
for (i = 0; i < ippGetCount(attr); i ++) {
|
|
- strncpy(valuebuffer, ippGetString(attr, i, NULL),
|
|
- sizeof(valuebuffer));
|
|
+ strncpy(valuebuffer, ippGetString(attr, i, NULL), sizeof(valuebuffer));
|
|
+ if (strlen(ippGetString(attr, i, NULL)) > 65535)
|
|
+ valuebuffer[65535] = '\0';
|
|
debug_printf(" Keyword: %s\n", valuebuffer);
|
|
if (valuebuffer[0] > '1')
|
|
break;
|
|
@@ -3598,8 +3617,9 @@ create_remote_printer_entry (const char *queue_name,
|
|
debug_printf(" Value: %s\n", valuebuffer);
|
|
if (valuebuffer[0] == '\0') {
|
|
for (i = 0; i < ippGetCount(attr); i ++) {
|
|
- strncpy(valuebuffer, ippGetString(attr, i, NULL),
|
|
- sizeof(valuebuffer));
|
|
+ strncpy(valuebuffer, ippGetString(attr, i, NULL), sizeof(valuebuffer));
|
|
+ if (strlen(ippGetString(attr, i, NULL)) > 65535)
|
|
+ valuebuffer[65535] = '\0';
|
|
debug_printf(" Keyword: %s\n", valuebuffer);
|
|
if (valuebuffer[0] != '\0')
|
|
break;
|
|
@@ -3629,8 +3649,9 @@ create_remote_printer_entry (const char *queue_name,
|
|
debug_printf(" Value: %s\n", valuebuffer);
|
|
if (valuebuffer[0] == '\0') {
|
|
for (i = 0; i < ippGetCount(attr); i ++) {
|
|
- strncpy(valuebuffer, ippGetString(attr, i, NULL),
|
|
- sizeof(valuebuffer));
|
|
+ strncpy(valuebuffer, ippGetString(attr, i, NULL), sizeof(valuebuffer));
|
|
+ if (strlen(ippGetString(attr, i, NULL)) > 65535)
|
|
+ valuebuffer[65535] = '\0';
|
|
debug_printf(" Keyword: %s\n", valuebuffer);
|
|
if (valuebuffer[0] != '\0')
|
|
break;
|
|
@@ -3663,8 +3684,9 @@ create_remote_printer_entry (const char *queue_name,
|
|
debug_printf(" Value: %s\n", p->queue_name, valuebuffer);
|
|
if (valuebuffer[0] == '\0') {
|
|
for (i = 0; i < ippGetCount(attr); i ++) {
|
|
- strncpy(valuebuffer, ippGetString(attr, i, NULL),
|
|
- sizeof(valuebuffer));
|
|
+ strncpy(valuebuffer, ippGetString(attr, i, NULL), sizeof(valuebuffer));
|
|
+ if (strlen(ippGetString(attr, i, NULL)) > 65535)
|
|
+ valuebuffer[65535] = '\0';
|
|
debug_printf(" Keyword: %s\n", valuebuffer);
|
|
if (valuebuffer[0] != '\0')
|
|
break;
|
|
@@ -4498,6 +4520,8 @@ gboolean update_cups_queues(gpointer unused) {
|
|
} else {
|
|
/* Device URI: ipp(s)://<remote host>:631/printers/<remote queue> */
|
|
strncpy(device_uri, p->uri, sizeof(device_uri));
|
|
+ if (strlen(p->uri) > HTTP_MAX_URI-1)
|
|
+ device_uri[HTTP_MAX_URI-1] = '\0';
|
|
debug_printf("Print queue %s is for an IPP network printer, or we do not get notifications from CUPS, using direct device URI %s\n",
|
|
p->queue_name, device_uri);
|
|
}
|
|
@@ -4606,6 +4630,8 @@ gboolean update_cups_queues(gpointer unused) {
|
|
} else if (!strncmp(line, "*Default", 8)) {
|
|
cont_line_read = 0;
|
|
strncpy(keyword, line + 8, sizeof(keyword));
|
|
+ if ((strlen(line) + 8) > 1023)
|
|
+ keyword[1023] = '\0';
|
|
for (keyptr = keyword; *keyptr; keyptr ++)
|
|
if (*keyptr == ':' || isspace(*keyptr & 255))
|
|
break;
|
|
@@ -7144,7 +7170,7 @@ read_configuration (const char *filename)
|
|
in the configuration file is used. */
|
|
while ((i < cupsArrayCount(command_line_config) &&
|
|
(value = cupsArrayIndex(command_line_config, i++)) &&
|
|
- strncpy(line, value, sizeof(line))) ||
|
|
+ strncpy(line, value, sizeof(line)) && ((strlen(value) > HTTP_MAX_BUFFER-1)? line[HTTP_MAX_BUFFER-1] = '\0': 1)) ||
|
|
cupsFileGetConf(fp, line, sizeof(line), &value, &linenum)) {
|
|
if (linenum < 0) {
|
|
/* We are still reading options from the command line ("-o ..."),
|
|
@@ -7371,6 +7397,7 @@ read_configuration (const char *filename)
|
|
if (filter->cregexp)
|
|
regfree(filter->cregexp);
|
|
free(filter);
|
|
+ filter = NULL;
|
|
}
|
|
} else if ((!strcasecmp(line, "BrowseInterval") || !strcasecmp(line, "BrowseTimeout")) && value) {
|
|
int t = atoi(value);
|
|
@@ -7386,8 +7413,11 @@ read_configuration (const char *filename)
|
|
debug_printf("Invalid %s value: %d\n",
|
|
line, t);
|
|
} else if (!strcasecmp(line, "DomainSocket") && value) {
|
|
- if (value[0] != '\0')
|
|
+ if (value[0] != '\0') {
|
|
+ if (DomainSocket != NULL)
|
|
+ free(DomainSocket);
|
|
DomainSocket = strdup(value);
|
|
+ }
|
|
} else if ((!strcasecmp(line, "HttpLocalTimeout") || !strcasecmp(line, "HttpRemoteTimeout")) && value) {
|
|
int t = atoi(value);
|
|
if (t >= 0) {
|
|
@@ -7555,6 +7585,10 @@ read_configuration (const char *filename)
|
|
}
|
|
}
|
|
cupsArrayAdd (clusters, cluster);
|
|
+ if (start != NULL) {
|
|
+ free(start);
|
|
+ start = NULL;
|
|
+ }
|
|
continue;
|
|
cluster_fail:
|
|
if (cluster) {
|
|
@@ -7568,6 +7602,11 @@ read_configuration (const char *filename)
|
|
cupsArrayDelete (cluster->members);
|
|
}
|
|
free(cluster);
|
|
+ cluster = NULL;
|
|
+ }
|
|
+ if (start != NULL) {
|
|
+ free(start);
|
|
+ start = NULL;
|
|
}
|
|
} else if (!strcasecmp(line, "LoadBalancing") && value) {
|
|
if (!strncasecmp(value, "QueueOnClient", 13))
|
|
@@ -7575,7 +7614,7 @@ read_configuration (const char *filename)
|
|
else if (!strncasecmp(value, "QueueOnServers", 14))
|
|
LoadBalancingType = QUEUE_ON_SERVERS;
|
|
} else if (!strcasecmp(line, "DefaultOptions") && value) {
|
|
- if (strlen(value) > 0)
|
|
+ if (DefaultOptions == NULL && strlen(value) > 0)
|
|
DefaultOptions = strdup(value);
|
|
} else if (!strcasecmp(line, "AutoShutdown") && value) {
|
|
char *p, *saveptr;
|
|
@@ -7949,10 +7988,12 @@ int main(int argc, char*argv[]) {
|
|
daemon, not with remote ones. */
|
|
if (getenv("CUPS_SERVER") != NULL) {
|
|
strncpy(local_server_str, getenv("CUPS_SERVER"), sizeof(local_server_str));
|
|
+ if (strlen(getenv("CUPS_SERVER")) > 1023)
|
|
+ local_server_str[1023] = '\0';
|
|
} else {
|
|
#ifdef CUPS_DEFAULT_DOMAINSOCKET
|
|
if (DomainSocket == NULL)
|
|
- DomainSocket = CUPS_DEFAULT_DOMAINSOCKET;
|
|
+ DomainSocket = strdup(CUPS_DEFAULT_DOMAINSOCKET);
|
|
#endif
|
|
if (DomainSocket != NULL) {
|
|
struct stat sockinfo; /* Domain socket information */
|
|
@@ -8293,6 +8334,11 @@ fail:
|
|
if (debug_logfile == 1)
|
|
stop_debug_logging();
|
|
|
|
+ if (DefaultOptions != NULL)
|
|
+ free(DefaultOptions);
|
|
+ if (DomainSocket != NULL)
|
|
+ free(DomainSocket);
|
|
+
|
|
return ret;
|
|
|
|
help:
|
|
diff --git a/utils/driverless.c b/utils/driverless.c
|
|
index 7fc6dae..fe61e58 100644
|
|
--- a/utils/driverless.c
|
|
+++ b/utils/driverless.c
|
|
@@ -227,12 +227,16 @@ list_printers (int mode)
|
|
|
|
if (txt_usb_mfg[0] != '\0') {
|
|
strncpy(make, txt_usb_mfg, sizeof(make));
|
|
+ if (strlen(txt_usb_mfg) > 511)
|
|
+ make[511] = '\0';
|
|
ptr = device_id + strlen(device_id);
|
|
snprintf(ptr, sizeof(device_id) - (size_t)(ptr - device_id),
|
|
"MFG:%s;", txt_usb_mfg);
|
|
}
|
|
if (txt_usb_mdl[0] != '\0') {
|
|
strncpy(model, txt_usb_mdl, sizeof(model));
|
|
+ if (strlen(txt_usb_mdl) > 255)
|
|
+ model[255] = '\0';
|
|
ptr = device_id + strlen(device_id);
|
|
snprintf(ptr, sizeof(device_id) - (size_t)(ptr - device_id),
|
|
"MDL:%s;", txt_usb_mdl);
|
|
@@ -243,15 +247,22 @@ list_printers (int mode)
|
|
*ptr == ')')
|
|
*ptr = '\0';
|
|
strncpy(model, txt_product + 1, sizeof(model));
|
|
+ if ((strlen(txt_product) + 1) > 255)
|
|
+ model[255] = '\0';
|
|
} else
|
|
strncpy(model, txt_product, sizeof(model));
|
|
} else if (txt_ty[0] != '\0') {
|
|
strncpy(model, txt_ty, sizeof(model));
|
|
+ if (strlen(txt_ty) > 255)
|
|
+ model[255] = '\0';
|
|
if ((ptr = strchr(model, ',')) != NULL)
|
|
*ptr = '\0';
|
|
}
|
|
- if (txt_pdl[0] != '\0')
|
|
+ if (txt_pdl[0] != '\0') {
|
|
strncpy(pdl, txt_pdl, sizeof(pdl));
|
|
+ if (strlen(txt_pdl) > 255)
|
|
+ pdl[255] = '\0';
|
|
+ }
|
|
|
|
if (!device_id[0] && strcasecmp(model, "Unknown")) {
|
|
if (make[0])
|