Blob Blame Raw
diff -up cups-1.4.6/backend/ieee1284.c.usb-parallel cups-1.4.6/backend/ieee1284.c
--- cups-1.4.6/backend/ieee1284.c.usb-parallel	2010-04-10 00:42:09.000000000 +0200
+++ cups-1.4.6/backend/ieee1284.c	2011-02-01 16:13:44.000000000 +0100
@@ -55,7 +55,7 @@ backendGetDeviceID(
 #  if defined(__sun) && defined(ECPPIOC_GETDEVID)
   struct ecpp_device_id did;		/* Device ID buffer */
 #  endif /* __sun && ECPPIOC_GETDEVID */
-
+  char  *c;
 
   DEBUG_printf(("backendGetDeviceID(fd=%d, device_id=%p, device_id_size=%d, "
                 "make_model=%p, make_model_size=%d, scheme=\"%s\", "
@@ -176,7 +176,7 @@ backendGetDeviceID(
       * and then limit the length to the size of our buffer...
       */
 
-      if (length > device_id_size)
+      if ((length > device_id_size) || (length < 14))
 	length = (((unsigned)device_id[1] & 255) << 8) +
 		 ((unsigned)device_id[0] & 255);
 
@@ -214,11 +214,16 @@ backendGetDeviceID(
 	device_id[length] = '\0';
       }
     }
-#    ifdef DEBUG
     else
+    {
+#    ifdef DEBUG
+
       DEBUG_printf(("backendGetDeviceID: ioctl failed - %s\n",
                     strerror(errno)));
 #    endif /* DEBUG */
+      /* Clean up after failed attempt to get device ID */
+      *device_id = '\0';
+    }
 #  endif /* __linux */
 
 #   if defined(__sun) && defined(ECPPIOC_GETDEVID)
@@ -246,14 +251,24 @@ backendGetDeviceID(
 #  endif /* __sun && ECPPIOC_GETDEVID */
   }
 
+ /*
+  * Check whether device ID is valid. Turn line breaks and tabs to spaces
+  * and abort device IDs with non-printable characters
+  */
+  for (c = device_id; *c; c++)
+    if (isspace(*c))
+      *c = ' ';
+    else if (!isprint(*c))
+    {
+      *device_id = '\0';
+      break;
+    }
+
   DEBUG_printf(("backendGetDeviceID: device_id=\"%s\"\n", device_id));
 
   if (scheme && uri)
     *uri = '\0';
 
-  if (!*device_id)
-    return (-1);
-
  /*
   * Get the make and model...
   */