diff -up cups-filters-1.0.35/utils/cups-browsed.c.covscan cups-filters-1.0.35/utils/cups-browsed.c

--- cups-filters-1.0.35/utils/cups-browsed.c.covscan	2019-02-27 17:52:37.000000000 +0100

+++ cups-filters-1.0.35/utils/cups-browsed.c	2019-03-18 16:01:49.345858931 +0100

@@ -1934,7 +1934,10 @@ is_disabled(const char *printer, const c

 	  pstate = (ipp_pstate_t)ippGetInteger(attr, 0);

 	else if (!strcmp(ippGetName(attr), "printer-state-message") &&

 		 ippGetValueTag(attr) == IPP_TAG_TEXT) {

-	  free(pstatemsg);

+	  if (pstatemsg != NULL) {

+	    free(pstatemsg);

+	    pstatemsg = NULL;

+	  }

 	  p = ippGetString(attr, 0, NULL);

 	  if (p != NULL) pstatemsg = strdup(p);

 	}

@@ -1951,16 +1954,22 @@ is_disabled(const char *printer, const c

 	case IPP_PRINTER_IDLE:

 	case IPP_PRINTER_PROCESSING:

 	  ippDelete(response);

-	  free(pstatemsg);

+	  if (pstatemsg != NULL) {

+	    free(pstatemsg);

+	    pstatemsg = NULL;

+	  }

 	  return NULL;

 	case IPP_PRINTER_STOPPED:

 	  ippDelete(response);

 	  if (reason == NULL)

 	    return pstatemsg;

-	  else if (strcasestr(pstatemsg, reason) != NULL)

+	  else if (pstatemsg != NULL && (strcasestr(pstatemsg, reason) != NULL))

 	    return pstatemsg;

 	  else {

-	    free(pstatemsg);

+            if (pstatemsg != NULL) {

+                free(pstatemsg);

+                pstatemsg = NULL;

+            }

 	    return NULL;

 	  }

 	}

@@ -1969,12 +1978,18 @@ is_disabled(const char *printer, const c

     debug_printf("No information regarding enabled/disabled found about the requested printer '%s'\n",

 		 printer);

     ippDelete(response);

-    free(pstatemsg);

+    if (pstatemsg != NULL) {

+      free(pstatemsg);

+      pstatemsg = NULL;

+    }

     return NULL;

   }

   debug_printf("ERROR: Request for printer info failed: %s\n",

 	       cupsLastErrorString());

-  free(pstatemsg);

+  if (pstatemsg != NULL) {

+    free(pstatemsg);

+    pstatemsg = NULL;

+  }

   return NULL;

 }

@@ -3421,6 +3436,8 @@ gboolean handle_cups_queues(gpointer unu

       } else {

 	/* Device URI: ipp(s)://<remote host>:631/printers/<remote queue> */

 	strncpy(device_uri, p->uri, sizeof(device_uri));

+	if (strlen(p->uri) > HTTP_MAX_URI-1)

+	  device_uri[HTTP_MAX_URI-1] = '\0';

 	debug_printf("Print queue %s is for an IPP network printer, or we do not get notifications from CUPS, using direct device URI %s\n",

 		     p->name, device_uri);

       }

@@ -3529,6 +3546,8 @@ gboolean handle_cups_queues(gpointer unu

 	  } else if (!strncmp(line, "*Default", 8)) {

 	    cont_line_read = 0;

 	    strncpy(keyword, line + 8, sizeof(keyword));

+	    if ((strlen(line) + 8) > 1023)

+	      keyword[1023] = '\0';

 	    for (keyptr = keyword; *keyptr; keyptr ++)

 	      if (*keyptr == ':' || isspace(*keyptr & 255))

 		break;

@@ -5871,7 +5890,7 @@ read_configuration (const char *filename

      in the configuration file is used. */

   while ((i < cupsArrayCount(command_line_config) &&

 	  (value = cupsArrayIndex(command_line_config, i++)) &&

-	  strncpy(line, value, sizeof(line))) ||

+	  strncpy(line, value, sizeof(line)) && ((strlen(value) > HTTP_MAX_BUFFER-1)? line[HTTP_MAX_BUFFER-1] = '\0':  1)) ||

 	 cupsFileGetConf(fp, line, sizeof(line), &value, &linenum)) {

     if (linenum < 0) {

       /* We are still reading options from the command line ("-o ..."),

@@ -6098,6 +6117,7 @@ read_configuration (const char *filename

 	if (filter->cregexp)

 	  regfree(filter->cregexp);

 	free(filter);

+	filter = NULL;

       }

     } else if ((!strcasecmp(line, "BrowseInterval") || !strcasecmp(line, "BrowseTimeout")) && value) {

       int t = atoi(value);

@@ -6113,7 +6133,7 @@ read_configuration (const char *filename

 	debug_printf("Invalid %s value: %d\n",

 		     line, t);

     } else if (!strcasecmp(line, "DomainSocket") && value) {

-      if (value[0] != '\0')

+      if (DomainSocket == NULL && value[0] != '\0')

 	DomainSocket = strdup(value);

     } else if ((!strcasecmp(line, "HttpLocalTimeout") || !strcasecmp(line, "HttpRemoteTimeout")) && value) {

       int t = atoi(value);

@@ -6168,7 +6188,7 @@ read_configuration (const char *filename

       else if (!strncasecmp(value, "QueueOnServers", 14))

 	LoadBalancingType = QUEUE_ON_SERVERS;

     } else if (!strcasecmp(line, "DefaultOptions") && value) {

-      if (strlen(value) > 0)

+      if (DefaultOptions == NULL && strlen(value) > 0)

 	DefaultOptions = strdup(value);

     } else if (!strcasecmp(line, "AutoShutdown") && value) {

       char *p, *saveptr;

@@ -6537,6 +6557,8 @@ int main(int argc, char*argv[]) {

      daemon, not with remote ones. */

   if (getenv("CUPS_SERVER") != NULL) {

     strncpy(local_server_str, getenv("CUPS_SERVER"), sizeof(local_server_str));

+    if (strlen(getenv("CUPS_SERVER")) > 1023)

+      local_server_str[1023] = '\0';

   } else {

 #ifdef CUPS_DEFAULT_DOMAINSOCKET

     if (DomainSocket == NULL)

@@ -6876,6 +6898,11 @@ fail:

   /* Close log file if we have one */

   if (debug_logfile == 1)

     stop_debug_logging();

+  

+  if (DefaultOptions != NULL)

+    free(DefaultOptions);

+  if (DomainSocket != NULL)

+    free(DomainSocket);

   return ret;