diff --git a/cups-stringpool-setprinterattr.patch b/cups-stringpool-setprinterattr.patch new file mode 100644 index 0000000..18c18dd --- /dev/null +++ b/cups-stringpool-setprinterattr.patch @@ -0,0 +1,64 @@ +diff -up cups-1.6.2/scheduler/printers.c.stringpool-setprinterattr cups-1.6.2/scheduler/printers.c +--- cups-1.6.2/scheduler/printers.c.stringpool-setprinterattr 2013-06-13 12:16:07.525680621 +0100 ++++ cups-1.6.2/scheduler/printers.c 2013-06-13 12:16:07.567680782 +0100 +@@ -1925,6 +1925,7 @@ cupsdSetPrinterAttr( + ipp_attribute_t *attr; /* Attribute */ + int i, /* Looping var */ + count; /* Number of values */ ++ char *value_dup; /* Copy of attribute value string */ + char *ptr, /* Pointer into value */ + *start, /* Start of value */ + quote; /* Quote character */ +@@ -1993,16 +1994,24 @@ cupsdSetPrinterAttr( + return; + } + +- for (i = 0; i < count; i ++) ++ if ((value_dup = strdup(value)) == NULL) + { +- if ((ptr = strchr(value, ',')) != NULL) ++ cupsdLogMessage(CUPSD_LOG_ERROR, "Unable to copy attribute value."); ++ return; ++ } ++ ++ for (i = 0, start = value_dup; i < count; i ++) ++ { ++ if ((ptr = strchr(start, ',')) != NULL) + *ptr++ = '\0'; + +- attr->values[i].integer = strtol(value, NULL, 10); ++ attr->values[i].integer = strtol(start, NULL, 10); + + if (ptr) +- value = ptr; ++ start = ptr; + } ++ ++ free(value_dup); + } + else + { +@@ -2043,7 +2052,13 @@ cupsdSetPrinterAttr( + return; + } + +- for (i = 0, quote = '\0', ptr = value; i < count; i ++) ++ if ((value_dup = strdup(value)) == NULL) ++ { ++ cupsdLogMessage(CUPSD_LOG_ERROR, "Unable to copy attribute value."); ++ return; ++ } ++ ++ for (i = 0, quote = '\0', ptr = value_dup; i < count; i ++) + { + for (start = ptr; *ptr; ptr ++) + { +@@ -2071,6 +2086,8 @@ cupsdSetPrinterAttr( + + attr->values[i].string.text = _cupsStrAlloc(start); + } ++ ++ free(value_dup); + } + } + diff --git a/cups.spec b/cups.spec index 2c281fd..2701c33 100644 --- a/cups.spec +++ b/cups.spec @@ -11,7 +11,7 @@ Summary: CUPS printing system Name: cups Epoch: 1 Version: 1.6.2 -Release: 8%{?dist} +Release: 9%{?dist} License: GPLv2 Group: System Environment/Daemons Url: http://www.cups.org/ @@ -57,6 +57,7 @@ Patch26: cups-lpd-manpage.patch Patch27: cups-avahi-address.patch Patch28: cups-usblp-quirks.patch Patch29: cups-enum-all.patch +Patch30: cups-stringpool-setprinterattr.patch Patch100: cups-lspp.patch @@ -231,6 +232,8 @@ Sends IPP requests to the specified URI and tests and/or displays the results. %patch28 -p1 -b .quirks # Return from cupsEnumDests() once all records have been returned. %patch29 -p1 -b .enum-all +# Prevent stringpool damage leading to memory leaks (bug #974048). +%patch30 -p1 -b .stringpool-setprinterattr %if %lspp # LSPP support. @@ -632,6 +635,9 @@ rm -f %{cups_serverbin}/backend/smb %{_mandir}/man5/ipptoolfile.5.gz %changelog +* Thu Jun 13 2013 Tim Waugh 1:1.6.2-9 +- Prevent stringpool damage leading to memory leaks (bug #974048). + * Tue Jun 4 2013 Tim Waugh - 1:1.6.2-8 - Return from cupsEnumDests() once all records have been returned.