Go to:
Gentoo Home
Documentation
Forums
Lists
Bugs
Planet
Store
Wiki
Get Gentoo!
Gentoo's Bugzilla – Attachment 166713 Details for
Bug 238976
net-print/cups <1.3.8-r2 Multiple buffer overflows (CVE-2008-{3639,3640,3641})
Home
|
New
–
[Ex]
|
Browse
|
Search
|
Privacy Policy
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
cups-1.3.8-CVE-2008-3640.patch
cups-1.3.8-CVE-2008-3640.patch (text/plain), 2.43 KB, created by
Robert Buchholz (RETIRED)
on 2008-09-28 21:11:57 UTC
(
hide
)
Description:
cups-1.3.8-CVE-2008-3640.patch
Filename:
MIME Type:
Creator:
Robert Buchholz (RETIRED)
Created:
2008-09-28 21:11:57 UTC
Size:
2.43 KB
patch
obsolete
>Index: cups-1.3.8/filter/texttops.c >=================================================================== >--- cups-1.3.8.orig/filter/texttops.c >+++ cups-1.3.8/filter/texttops.c >@@ -173,6 +173,14 @@ WriteProlog(const char *title, /* I - T > SizeColumns = (PageRight - PageLeft) / 72.0 * CharsPerInch; > SizeLines = (PageTop - PageBottom) / 72.0 * LinesPerInch; > >+ if (SizeColumns <= 0 || SizeColumns > 32767 || >+ SizeLines <= 0 || SizeLines > 32767) >+ { >+ _cupsLangPrintf(stderr, _("ERROR: Unable to print %dx%d text page!\n"), >+ SizeColumns, SizeLines); >+ exit(1); >+ } >+ > Page = calloc(sizeof(lchar_t *), SizeLines); > Page[0] = calloc(sizeof(lchar_t), SizeColumns * SizeLines); > for (i = 1; i < SizeLines; i ++) >@@ -187,6 +195,13 @@ WriteProlog(const char *title, /* I - T > else > ColumnWidth = SizeColumns; > >+ if (ColumnWidth <= 0) >+ { >+ _cupsLangPrintf(stderr, _("ERROR: Unable to print %d text columns!\n"), >+ PageColumns); >+ exit(1); >+ } >+ > /* > * Output the DSC header... > */ >Index: cups-1.3.8/filter/textcommon.c >=================================================================== >--- cups-1.3.8.orig/filter/textcommon.c >+++ cups-1.3.8/filter/textcommon.c >@@ -3,7 +3,7 @@ > * > * Common text filter routines for the Common UNIX Printing System (CUPS). > * >- * Copyright 2007 by Apple Inc. >+ * Copyright 2007-2008 by Apple Inc. > * Copyright 1997-2007 by Easy Software Products. > * > * These coded instructions, statements, and computer programs are the >@@ -605,14 +605,38 @@ TextMain(const char *name, /* I - Name o > !strcasecmp(val, "yes"); > > if ((val = cupsGetOption("columns", num_options, options)) != NULL) >+ { > PageColumns = atoi(val); > >+ if (PageColumns < 1) >+ { >+ _cupsLangPrintf(stderr, _("ERROR: Bad columns value %d!\n"), PageColumns); >+ return (1); >+ } >+ } >+ > if ((val = cupsGetOption("cpi", num_options, options)) != NULL) >+ { > CharsPerInch = atof(val); > >+ if (CharsPerInch <= 0.0) >+ { >+ _cupsLangPrintf(stderr, _("ERROR: Bad cpi value %f!\n"), CharsPerInch); >+ return (1); >+ } >+ } >+ > if ((val = cupsGetOption("lpi", num_options, options)) != NULL) >+ { > LinesPerInch = atof(val); > >+ if (LinesPerInch <= 0.0) >+ { >+ _cupsLangPrintf(stderr, _("ERROR: Bad lpi value %f!\n"), LinesPerInch); >+ return (1); >+ } >+ } >+ > if (PrettyPrint) > PageTop -= 216.0f / LinesPerInch; >
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 238976
:
166712
| 166713 |
166715
|
167039