Репозитории ALT
S: | 2.4.7-alt1 |
5.1: | 1.4.2-alt1.M51.2 |
4.1: | 1.3.10-alt0.M41.4 |
+updates: | 1.3.9-alt1.M41.1 |
4.0: | 1.2.12-alt6.M40.9 |
+updates: | 1.2.12-alt6.M40.8 |
3.0: | 1.1.20-alt14.1 |
Группа :: Система/Серверы
Пакет: cups
Главная Изменения Спек Патчи Sources Загрузить Gear Bugs and FR Repocop
Патч: cups-1.2.12-CVE-2008-3640.patch
Скачать
Скачать
diff -up cups-1.2.4/filter/textcommon.c.CVE-2008-3640 cups-1.2.4/filter/textcommon.c
--- cups-1.2.4/filter/textcommon.c.CVE-2008-3640 2005-08-04 19:40:13.000000000 +0100
+++ cups-1.2.4/filter/textcommon.c 2008-09-30 15:00:29.000000000 +0100
@@ -3,6 +3,7 @@
*
* Common text filter routines for the Common UNIX Printing System (CUPS).
*
+ * Copyright 2007-2008 by Apple Inc.
* Copyright 1997-2005 by Easy Software Products.
*
* These coded instructions, statements, and computer programs are the
@@ -613,14 +614,38 @@ TextMain(const char *name, /* I - Name o
!strcasecmp(val, "yes");
if ((val = cupsGetOption("columns", num_options, options)) != NULL)
+ {
PageColumns = atoi(val);
+ if (PageColumns < 1)
+ {
+ fprintf(stderr, "ERROR: Bad columns value %d!\n", PageColumns);
+ return (1);
+ }
+ }
+
if ((val = cupsGetOption("cpi", num_options, options)) != NULL)
+ {
CharsPerInch = atof(val);
+ if (CharsPerInch <= 0.0)
+ {
+ fprintf(stderr, "ERROR: Bad cpi value %f!\n", CharsPerInch);
+ return (1);
+ }
+ }
+
if ((val = cupsGetOption("lpi", num_options, options)) != NULL)
+ {
LinesPerInch = atof(val);
+ if (LinesPerInch <= 0.0)
+ {
+ fprintf(stderr, "ERROR: Bad lpi value %f!\n", LinesPerInch);
+ return (1);
+ }
+ }
+
if (PrettyPrint)
PageTop -= 216.0f / LinesPerInch;
diff -up cups-1.2.4/filter/texttops.c.CVE-2008-3640 cups-1.2.4/filter/texttops.c
--- cups-1.2.4/filter/texttops.c.CVE-2008-3640 2005-09-21 10:28:39.000000000 +0100
+++ cups-1.2.4/filter/texttops.c 2008-09-30 14:59:42.000000000 +0100
@@ -181,6 +181,14 @@ WriteProlog(const char *title, /* I - T
SizeColumns = (PageRight - PageLeft) / 72.0 * CharsPerInch;
SizeLines = (PageTop - PageBottom) / 72.0 * LinesPerInch;
+ if (SizeColumns <= 0 || SizeColumns > 32767 ||
+ SizeLines <= 0 || SizeLines > 32767)
+ {
+ fprintf(stderr, "ERROR: Unable to print %dx%d text page!\n",
+ SizeColumns, SizeLines);
+ exit(1);
+ }
+
Page = calloc(sizeof(lchar_t *), SizeLines);
Page[0] = calloc(sizeof(lchar_t), SizeColumns * SizeLines);
for (i = 1; i < SizeLines; i ++)
@@ -195,6 +203,13 @@ WriteProlog(const char *title, /* I - T
else
ColumnWidth = SizeColumns;
+ if (ColumnWidth <= 0)
+ {
+ fprintf(stderr, "ERROR: Unable to print %d text columns!\n",
+ PageColumns);
+ exit(1);
+ }
+
/*
* Output the DSC header...
*/