[cups/f18] Prevent stringpool damage leading to memory leaks (bug #974048).
Tim Waugh
twaugh at fedoraproject.org
Thu Jun 13 11:33:37 UTC 2013
commit 1e7802c0b08f3abee4865eec57fc55c59afe4f4c
Author: Tim Waugh <twaugh at redhat.com>
Date: Thu Jun 13 11:58:55 2013 +0100
Prevent stringpool damage leading to memory leaks (bug #974048).
Resolves: rhbz#974048
cups-stringpool-setprinterattr.patch | 64 ++++++++++++++++++++++++++++++++++
cups.spec | 9 ++++-
2 files changed, 71 insertions(+), 2 deletions(-)
---
diff --git a/cups-stringpool-setprinterattr.patch b/cups-stringpool-setprinterattr.patch
new file mode 100644
index 0000000..ab3028a
--- /dev/null
+++ b/cups-stringpool-setprinterattr.patch
@@ -0,0 +1,64 @@
+diff -up cups-1.5.4/scheduler/printers.c.stringpool-setprinterattr cups-1.5.4/scheduler/printers.c
+--- cups-1.5.4/scheduler/printers.c.stringpool-setprinterattr 2013-06-13 10:40:43.607590350 +0100
++++ cups-1.5.4/scheduler/printers.c 2013-06-13 10:53:31.134919727 +0100
+@@ -2053,6 +2053,7 @@ cupsdSetPrinterAttr(
+ ipp_attribute_t *attr; /* Attribute */
+ int i, /* Looping var */
+ count; /* Number of values */
++ char *value_dup; /* Copy of attribute value string */
+ char *ptr, /* Pointer into value */
+ *start, /* Start of value */
+ quote; /* Quote character */
+@@ -2121,16 +2122,24 @@ cupsdSetPrinterAttr(
+ return;
+ }
+
+- for (i = 0; i < count; i ++)
++ if ((value_dup = strdup(value)) == NULL)
+ {
+- if ((ptr = strchr(value, ',')) != NULL)
++ cupsdLogMessage(CUPSD_LOG_ERROR, "Unable to copy attribute value.");
++ return;
++ }
++
++ for (i = 0, start = value_dup; i < count; i ++)
++ {
++ if ((ptr = strchr(start, ',')) != NULL)
+ *ptr++ = '\0';
+
+- attr->values[i].integer = strtol(value, NULL, 10);
++ attr->values[i].integer = strtol(start, NULL, 10);
+
+ if (ptr)
+- value = ptr;
++ start = ptr;
+ }
++
++ free(value_dup);
+ }
+ else
+ {
+@@ -2171,7 +2180,13 @@ cupsdSetPrinterAttr(
+ return;
+ }
+
+- for (i = 0, quote = '\0', ptr = value; i < count; i ++)
++ if ((value_dup = strdup(value)) == NULL)
++ {
++ cupsdLogMessage(CUPSD_LOG_ERROR, "Unable to copy attribute value.");
++ return;
++ }
++
++ for (i = 0, quote = '\0', ptr = value_dup; i < count; i ++)
+ {
+ for (start = ptr; *ptr; ptr ++)
+ {
+@@ -2199,6 +2214,8 @@ cupsdSetPrinterAttr(
+
+ attr->values[i].string.text = _cupsStrAlloc(start);
+ }
++
++ free(value_dup);
+ }
+ }
+
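Review bot: The rewritten integer loop still stores `strtol(start, NULL, 10)` straight into `attr->values[i].integer`, so an empty or non-numeric element silently becomes 0 and a value outside the int range is narrowed without any diagnostic. Since the loop now works on the private `value_dup` copy, it would be cheap to pass an end pointer and reject bad elements, e.g. `errno = 0; n = strtol(start, &end, 10);` followed by `if (end == start || errno == ERANGE || n < INT_MIN || n > INT_MAX)` and a log message. Any early exit added there has to call `free(value_dup)` first, otherwise the fix for one leak introduces another. Separately, `if (ptr) start = ptr;` leaves `start` unchanged once no comma is found, so if `count` were ever larger than the number of fields the last field would be parsed again for each remaining slot. How `count` is derived is not visible here, and cupsdSetPrinterAttr starts and ends outside these hunks.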
diff --git a/cups.spec b/cups.spec
index e734893..1cf2be5 100644
--- a/cups.spec
+++ b/cups.spec
@@ -12,7 +12,7 @@
Summary: Common Unix Printing System
Name: cups
Version: 1.5.4
-Release: 27%{?dist}
+Release: 28%{?dist}
License: GPLv2
Group: System Environment/Daemons
Source: http://ftp.easysw.com/pub/cups/%{version}/cups-%{version}-source.tar.bz2
@@ -79,13 +79,13 @@ Patch43: cups-str4194.patch
Patch44: cups-r10638.patch
Patch45: cups-r10642.patch
Patch46: cups-str4190.patch
-
Patch47: cups-str4223.patch
Patch48: cups-str4125.patch
Patch49: cups-str4140.patch
Patch50: cups-str4187.patch
Patch51: cups-str4205.patch
+Patch52: cups-stringpool-setprinterattr.patch
Patch100: cups-lspp.patch
@@ -346,6 +346,8 @@ Sends IPP requests to the specified URI and tests and/or displays the results.
%patch50 -p1 -b .str4187
# Don't set auth-info-required all of the time (STR #4205)
%patch51 -p1 -b .str4205
+# Prevent stringpool damage leading to memory leaks (bug #974048).
+%patch52 -p1 -b .stringpool-setprinterattr
%if %lspp
# LSPP support.
@@ -763,6 +765,9 @@ rm -f %{cups_serverbin}/backend/smb
%{_mandir}/man5/ipptoolfile.5.gz
%changelog
+* Thu Jun 13 2013 Tim Waugh <twaugh at redhat.com> 1:1.5.4-28
+- Prevent stringpool damage leading to memory leaks (bug #974048).
+
* Tue Apr 23 2013 Tim Waugh <twaugh at redhat.com> 1:1.5.4-27
- dnssd backend: don't crash if avahi gives a callback with no TXT
record (bug #927040).