rpms / cups-filters

Clone
Source Code
GIT

Files

c7-beta
  1.   c7-beta
  2.   SOURCES
  3.   0001-Fixing-covscan-issues.patch
Blob Blame History Raw 
diff -up cups-filters-1.0.35/utils/cups-browsed.c.covscan cups-filters-1.0.35/utils/cups-browsed.c
--- cups-filters-1.0.35/utils/cups-browsed.c.covscan	2019-02-27 17:52:37.000000000 +0100
+++ cups-filters-1.0.35/utils/cups-browsed.c	2019-03-18 16:01:49.345858931 +0100
@@ -1934,7 +1934,10 @@ is_disabled(const char *printer, const c
 	  pstate = (ipp_pstate_t)ippGetInteger(attr, 0);
 	else if (!strcmp(ippGetName(attr), "printer-state-message") &&
 		 ippGetValueTag(attr) == IPP_TAG_TEXT) {
-	  free(pstatemsg);
+	  if (pstatemsg != NULL) {
+	    free(pstatemsg);
+	    pstatemsg = NULL;
+	  }
 	  p = ippGetString(attr, 0, NULL);
 	  if (p != NULL) pstatemsg = strdup(p);
 	}
@@ -1951,16 +1954,22 @@ is_disabled(const char *printer, const c
 	case IPP_PRINTER_IDLE:
 	case IPP_PRINTER_PROCESSING:
 	  ippDelete(response);
-	  free(pstatemsg);
+	  if (pstatemsg != NULL) {
+	    free(pstatemsg);
+	    pstatemsg = NULL;
+	  }
 	  return NULL;
 	case IPP_PRINTER_STOPPED:
 	  ippDelete(response);
 	  if (reason == NULL)
 	    return pstatemsg;
-	  else if (strcasestr(pstatemsg, reason) != NULL)
+	  else if (pstatemsg != NULL && (strcasestr(pstatemsg, reason) != NULL))
 	    return pstatemsg;
 	  else {
-	    free(pstatemsg);
+            if (pstatemsg != NULL) {
+                free(pstatemsg);
+                pstatemsg = NULL;
+            }
 	    return NULL;
 	  }
 	}
@@ -1969,12 +1978,18 @@ is_disabled(const char *printer, const c
     debug_printf("No information regarding enabled/disabled found about the requested printer '%s'\n",
 		 printer);
     ippDelete(response);
-    free(pstatemsg);
+    if (pstatemsg != NULL) {
+      free(pstatemsg);
+      pstatemsg = NULL;
+    }
     return NULL;
   }
   debug_printf("ERROR: Request for printer info failed: %s\n",
 	       cupsLastErrorString());
-  free(pstatemsg);
+  if (pstatemsg != NULL) {
+    free(pstatemsg);
+    pstatemsg = NULL;
+  }
   return NULL;
 }
 
@@ -3421,6 +3436,8 @@ gboolean handle_cups_queues(gpointer unu
       } else {
 	/* Device URI: ipp(s)://<remote host>:631/printers/<remote queue> */
 	strncpy(device_uri, p->uri, sizeof(device_uri));
+	if (strlen(p->uri) > HTTP_MAX_URI-1)
+	  device_uri[HTTP_MAX_URI-1] = '\0';
 	debug_printf("Print queue %s is for an IPP network printer, or we do not get notifications from CUPS, using direct device URI %s\n",
 		     p->name, device_uri);
       }
@@ -3529,6 +3546,8 @@ gboolean handle_cups_queues(gpointer unu
 	  } else if (!strncmp(line, "*Default", 8)) {
 	    cont_line_read = 0;
 	    strncpy(keyword, line + 8, sizeof(keyword));
+	    if ((strlen(line) + 8) > 1023)
+	      keyword[1023] = '\0';
 	    for (keyptr = keyword; *keyptr; keyptr ++)
 	      if (*keyptr == ':' || isspace(*keyptr & 255))
 		break;
@@ -5871,7 +5890,7 @@ read_configuration (const char *filename
      in the configuration file is used. */
   while ((i < cupsArrayCount(command_line_config) &&
 	  (value = cupsArrayIndex(command_line_config, i++)) &&
-	  strncpy(line, value, sizeof(line))) ||
+	  strncpy(line, value, sizeof(line)) && ((strlen(value) > HTTP_MAX_BUFFER-1)? line[HTTP_MAX_BUFFER-1] = '\0':  1)) ||
 	 cupsFileGetConf(fp, line, sizeof(line), &value, &linenum)) {
     if (linenum < 0) {
       /* We are still reading options from the command line ("-o ..."),
@@ -6098,6 +6117,7 @@ read_configuration (const char *filename
 	if (filter->cregexp)
 	  regfree(filter->cregexp);
 	free(filter);
+	filter = NULL;
       }
     } else if ((!strcasecmp(line, "BrowseInterval") || !strcasecmp(line, "BrowseTimeout")) && value) {
       int t = atoi(value);
@@ -6113,7 +6133,7 @@ read_configuration (const char *filename
 	debug_printf("Invalid %s value: %d\n",
 		     line, t);
     } else if (!strcasecmp(line, "DomainSocket") && value) {
-      if (value[0] != '\0')
+      if (DomainSocket == NULL && value[0] != '\0')
 	DomainSocket = strdup(value);
     } else if ((!strcasecmp(line, "HttpLocalTimeout") || !strcasecmp(line, "HttpRemoteTimeout")) && value) {
       int t = atoi(value);
@@ -6168,7 +6188,7 @@ read_configuration (const char *filename
       else if (!strncasecmp(value, "QueueOnServers", 14))
 	LoadBalancingType = QUEUE_ON_SERVERS;
     } else if (!strcasecmp(line, "DefaultOptions") && value) {
-      if (strlen(value) > 0)
+      if (DefaultOptions == NULL && strlen(value) > 0)
 	DefaultOptions = strdup(value);
     } else if (!strcasecmp(line, "AutoShutdown") && value) {
       char *p, *saveptr;
@@ -6537,6 +6557,8 @@ int main(int argc, char*argv[]) {
      daemon, not with remote ones. */
   if (getenv("CUPS_SERVER") != NULL) {
     strncpy(local_server_str, getenv("CUPS_SERVER"), sizeof(local_server_str));
+    if (strlen(getenv("CUPS_SERVER")) > 1023)
+      local_server_str[1023] = '\0';
   } else {
 #ifdef CUPS_DEFAULT_DOMAINSOCKET
     if (DomainSocket == NULL)
@@ -6876,6 +6898,11 @@ fail:
   /* Close log file if we have one */
   if (debug_logfile == 1)
     stop_debug_logging();
+  
+  if (DefaultOptions != NULL)
+    free(DefaultOptions);
+  if (DomainSocket != NULL)
+    free(DomainSocket);
 
   return ret;

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation