diff --git a/cups-stringpool-setprinterattr.patch b/cups-stringpool-setprinterattr.patch new file mode 100644 index 0000000..a7710dc --- /dev/null +++ b/cups-stringpool-setprinterattr.patch @@ -0,0 +1,64 @@ +diff -up cups-1.7b1/scheduler/printers.c.stringpool-setprinterattr cups-1.7b1/scheduler/printers.c +--- cups-1.7b1/scheduler/printers.c.stringpool-setprinterattr 2013-06-13 12:18:04.678129506 +0100 ++++ cups-1.7b1/scheduler/printers.c 2013-06-13 12:18:04.721129670 +0100 +@@ -1881,6 +1881,7 @@ cupsdSetPrinterAttr( + ipp_attribute_t *attr; /* Attribute */ + int i, /* Looping var */ + count; /* Number of values */ ++ char *value_dup; /* Copy of attribute value string */ + char *ptr, /* Pointer into value */ + *start, /* Start of value */ + quote; /* Quote character */ +@@ -1949,16 +1950,24 @@ cupsdSetPrinterAttr( + return; + } + +- for (i = 0; i < count; i ++) ++ if ((value_dup = strdup(value)) == NULL) + { +- if ((ptr = strchr(value, ',')) != NULL) ++ cupsdLogMessage(CUPSD_LOG_ERROR, "Unable to copy attribute value."); ++ return; ++ } ++ ++ for (i = 0, start = value_dup; i < count; i ++) ++ { ++ if ((ptr = strchr(start, ',')) != NULL) + *ptr++ = '\0'; + +- attr->values[i].integer = strtol(value, NULL, 10); ++ attr->values[i].integer = strtol(start, NULL, 10); + + if (ptr) +- value = ptr; ++ start = ptr; + } ++ ++ free(value_dup); + } + else + { +@@ -1999,7 +2008,13 @@ cupsdSetPrinterAttr( + return; + } + +- for (i = 0, quote = '\0', ptr = value; i < count; i ++) ++ if ((value_dup = strdup(value)) == NULL) ++ { ++ cupsdLogMessage(CUPSD_LOG_ERROR, "Unable to copy attribute value."); ++ return; ++ } ++ ++ for (i = 0, quote = '\0', ptr = value_dup; i < count; i ++) + { + for (start = ptr; *ptr; ptr ++) + { +@@ -2027,6 +2042,8 @@ cupsdSetPrinterAttr( + + attr->values[i].string.text = _cupsStrAlloc(start); + } ++ ++ free(value_dup); + } + } + diff --git a/cups.spec b/cups.spec index 3d8e69d..f4caa1d 100644 --- a/cups.spec +++ b/cups.spec @@ -14,7 +14,7 @@ Summary: CUPS printing system Name: cups Epoch: 1 Version: 1.7 -Release: 0.4.%{prever}%{?dist} +Release: 0.5.%{prever}%{?dist} License: GPLv2 Group: System Environment/Daemons Url: http://www.cups.org/ @@ -60,6 +60,7 @@ Patch26: cups-lpd-manpage.patch Patch27: cups-avahi-address.patch Patch28: cups-17b1-va_list.patch Patch29: cups-enum-all.patch +Patch30: cups-stringpool-setprinterattr.patch Patch100: cups-lspp.patch @@ -233,6 +234,8 @@ Sends IPP requests to the specified URI and tests and/or displays the results. %patch28 -p1 -b .va_list # Return from cupsEnumDests() once all records have been returned. %patch29 -p1 -b .enum-all +# Prevent stringpool damage leading to memory leaks (bug #974048). +%patch30 -p1 -b .stringpool-setprinterattr %if %lspp # LSPP support. @@ -634,6 +637,9 @@ rm -f %{cups_serverbin}/backend/smb %{_mandir}/man5/ipptoolfile.5.gz %changelog +* Thu Jun 13 2013 Tim Waugh 1:1.7-0.5.b1 +- Prevent stringpool damage leading to memory leaks (bug #974048). + * Tue Jun 4 2013 Tim Waugh - 1:1.7-0.4.b1 - Return from cupsEnumDests() once all records have been returned.