Blame SOURCES/cups-filters-covscan.patch

faf1e1
diff --git a/backend/beh.c b/backend/beh.c
faf1e1
index 9ba6613..7514e33 100644
faf1e1
--- a/backend/beh.c
faf1e1
+++ b/backend/beh.c
faf1e1
@@ -223,6 +223,8 @@ call_backend(char *uri,                 /* I - URI of final destination */
faf1e1
   */
faf1e1
 
faf1e1
   strncpy(scheme, uri, sizeof(scheme));
faf1e1
+  if (strlen(uri) > 1023)
faf1e1
+    scheme[1023] = '\0';
faf1e1
   if ((ptr = strchr(scheme, ':')) != NULL)
faf1e1
     *ptr = '\0';
faf1e1
 
faf1e1
diff --git a/backend/implicitclass.c b/backend/implicitclass.c
faf1e1
index 3ce4d10..1593191 100644
faf1e1
--- a/backend/implicitclass.c
faf1e1
+++ b/backend/implicitclass.c
faf1e1
@@ -104,6 +104,8 @@ main(int  argc,				/* I - Number of command-line args */
faf1e1
     }
faf1e1
     ptr1 ++;
faf1e1
     strncpy(queue_name, ptr1, sizeof(queue_name));
faf1e1
+    if (strlen(ptr1) > 1023)
faf1e1
+      queue_name[1023] = '\0';
faf1e1
     httpAssembleURIf(HTTP_URI_CODING_ALL, uri, sizeof(uri), "ipp", NULL,
faf1e1
 		     "localhost", ippPort(), "/printers/%s", queue_name);
faf1e1
     job_id = argv[1];
faf1e1
@@ -162,6 +164,8 @@ main(int  argc,				/* I - Number of command-line args */
faf1e1
       /* Read destination host name (or message) and check whether it is
faf1e1
 	 complete (second double quote) */
faf1e1
       strncpy(dest_host, ptr1, sizeof(dest_host));
faf1e1
+      if (strlen(ptr1) > 1023)
faf1e1
+        dest_host[1023] = '\0';
faf1e1
       ptr1 = dest_host;
faf1e1
       if ((ptr2 = strchr(ptr1, '"')) != NULL) {
faf1e1
 	*ptr2 = '\0';
faf1e1
diff --git a/cupsfilters/colormanager.c b/cupsfilters/colormanager.c
faf1e1
index 70074a3..a4a929d 100644
faf1e1
--- a/cupsfilters/colormanager.c
faf1e1
+++ b/cupsfilters/colormanager.c
faf1e1
@@ -272,6 +272,9 @@ _get_colord_profile(const char   *printer_name,     /* Dest name */
faf1e1
       free(qualifier);
faf1e1
     }
faf1e1
 
faf1e1
+    if (icc_profile != NULL)
faf1e1
+      free(icc_profile);
faf1e1
+
faf1e1
     return is_profile_set;
faf1e1
 
faf1e1
 }
faf1e1
@@ -325,8 +328,11 @@ _get_ppd_icc_fallback (ppd_file_t *ppd, char **qualifier)
faf1e1
     if (attr->value[0] != '/')
faf1e1
       snprintf(full_path, sizeof(full_path),
faf1e1
                "%s/profiles/%s", CUPSDATA, attr->value);
faf1e1
-    else
faf1e1
+    else {
faf1e1
       strncpy(full_path, attr->value, sizeof(full_path));
faf1e1
+      if (strlen(attr->value) > 1023)
faf1e1
+        full_path[1023] = '\0';
faf1e1
+    }
faf1e1
 
faf1e1
     /* check the file exists */
faf1e1
     if (access(full_path, 0)) {
faf1e1
diff --git a/cupsfilters/image-sgilib.c b/cupsfilters/image-sgilib.c
faf1e1
index 0b70c13..bf2dd80 100644
faf1e1
--- a/cupsfilters/image-sgilib.c
faf1e1
+++ b/cupsfilters/image-sgilib.c
faf1e1
@@ -282,7 +282,7 @@ sgiOpenFile(FILE *file,			/* I - File to open */
faf1e1
         sgip->mode = SGI_WRITE;
faf1e1
 
faf1e1
         putshort(SGI_MAGIC, sgip->file);
faf1e1
-        putc((sgip->comp = comp) != 0, sgip->file);
faf1e1
+        putc(((sgip->comp = comp) != 0) ? '1': '0', sgip->file);
faf1e1
         putc(sgip->bpp = bpp, sgip->file);
faf1e1
         putshort(3, sgip->file);		/* Dimensions */
faf1e1
         putshort(sgip->xsize = xsize, sgip->file);
faf1e1
diff --git a/cupsfilters/image-sun.c b/cupsfilters/image-sun.c
faf1e1
index 609b194..989d039 100644
faf1e1
--- a/cupsfilters/image-sun.c
faf1e1
+++ b/cupsfilters/image-sun.c
faf1e1
@@ -114,6 +114,7 @@ _cupsImageReadSunRaster(
faf1e1
       ras_depth == 0 || ras_depth > 32)
faf1e1
   {
faf1e1
     fputs("DEBUG: Raster image cannot be loaded!\n", stderr);
faf1e1
+    fclose(fp);
faf1e1
     return (1);
faf1e1
   }
faf1e1
 
faf1e1
diff --git a/cupsfilters/ppdgenerator.c b/cupsfilters/ppdgenerator.c
faf1e1
index 052e3c5..3bc4d8a 100644
faf1e1
--- a/cupsfilters/ppdgenerator.c
faf1e1
+++ b/cupsfilters/ppdgenerator.c
faf1e1
@@ -937,6 +937,10 @@ load_opt_strings_catalog(const char *location, cups_array_t *options)
faf1e1
     }
faf1e1
   }
faf1e1
   cupsFileClose(fp);
faf1e1
+  if (choice_name != NULL)
faf1e1
+    free(choice_name);
faf1e1
+  if (opt_name != NULL)
faf1e1
+    free(opt_name);
faf1e1
   if (filename == tmpfile)
faf1e1
     unlink(filename);
faf1e1
 }
faf1e1
diff --git a/cupsfilters/raster.c b/cupsfilters/raster.c
faf1e1
index 8203690..67d6b9b 100644
faf1e1
--- a/cupsfilters/raster.c
faf1e1
+++ b/cupsfilters/raster.c
faf1e1
@@ -151,11 +151,14 @@ cupsRasterParseIPPOptions(cups_page_header2_t *h, /* I - Raster header */
faf1e1
 		strcasestr(s, "right") ||
faf1e1
 		strcasestr(s, "side") ||
faf1e1
 		strcasestr(s, "main"))
faf1e1
-	      media_source = strdup(s);
faf1e1
+            {
faf1e1
+              if (media_source == NULL)
faf1e1
+	        media_source = strdup(s);
faf1e1
+            }
faf1e1
 	    else
faf1e1
 	      media_type = strdup(s);
faf1e1
 	  }
faf1e1
-      if (size_found)
faf1e1
+      if (page_size == NULL && size_found)
faf1e1
 	page_size = strdup(size_found->pwg);
faf1e1
     }
faf1e1
   }
faf1e1
@@ -1079,6 +1082,13 @@ cupsRasterParseIPPOptions(cups_page_header2_t *h, /* I - Raster header */
faf1e1
     h->cupsRenderingIntent[0] = '\0';
faf1e1
 #endif /* HAVE_CUPS_1_7 */
faf1e1
 
faf1e1
+  if (media_source != NULL)
faf1e1
+    free(media_source);
faf1e1
+  if (media_type != NULL)
faf1e1
+    free(media_type);
faf1e1
+  if (page_size != NULL)
faf1e1
+    free(page_size);
faf1e1
+
faf1e1
   return (0);
faf1e1
 }
faf1e1
 
faf1e1
diff --git a/filter/bannertopdf.c b/filter/bannertopdf.c
faf1e1
index b78ea37..2b9bd76 100644
faf1e1
--- a/filter/bannertopdf.c
faf1e1
+++ b/filter/bannertopdf.c
faf1e1
@@ -513,6 +513,15 @@ static int generate_banner_pdf(banner_t *banner,
faf1e1
         pdf_duplicate_page(doc, 1, copies);
faf1e1
 
faf1e1
     pdf_write(doc, stdout);
faf1e1
+
faf1e1
+    opt_t * opt_current = known_opts;
faf1e1
+    opt_t * opt_next = NULL;
faf1e1
+    while (opt_current != NULL)
faf1e1
+    {
faf1e1
+      opt_next = opt_current->next;
faf1e1
+      free(opt_current);
faf1e1
+      opt_current = opt_next;
faf1e1
+    }
faf1e1
     free(buf);
faf1e1
     pdf_free(doc);
faf1e1
     return 0;
faf1e1
diff --git a/filter/foomatic-rip/foomaticrip.c b/filter/foomatic-rip/foomaticrip.c
faf1e1
index 2a642ed..13d2035 100644
faf1e1
--- a/filter/foomatic-rip/foomaticrip.c
faf1e1
+++ b/filter/foomatic-rip/foomaticrip.c
faf1e1
@@ -666,6 +666,11 @@ int print_file(const char *filename, int convert)
faf1e1
                 ret = print_file("<STDIN>", 0);
faf1e1
 
faf1e1
                 wait_for_process(renderer_pid);
faf1e1
+                if (in != NULL)
faf1e1
+                  fclose(in);
faf1e1
+                if (out != NULL)
faf1e1
+                  fclose(out);
faf1e1
+
faf1e1
                 return ret;
faf1e1
             }
faf1e1
 
faf1e1
@@ -683,6 +688,8 @@ int print_file(const char *filename, int convert)
faf1e1
 
faf1e1
         case UNKNOWN_FILE:
faf1e1
 	    _log("Cannot process \"%s\": Unknown filetype.\n", filename);
faf1e1
+	    if (file != NULL)
faf1e1
+	      fclose(file);
faf1e1
 	    return 0;
faf1e1
     }
faf1e1
 
faf1e1
@@ -811,10 +818,14 @@ int main(int argc, char** argv)
faf1e1
 
faf1e1
     if (getenv("PPD")) {
faf1e1
         strncpy(job->ppdfile, getenv("PPD"), 2048);
faf1e1
+        if (strlen(getenv("PPD")) > 2047)
faf1e1
+          job->ppdfile[2047] = '\0';
faf1e1
         spooler = SPOOLER_CUPS;
faf1e1
-	if (getenv("CUPS_SERVERBIN"))
faf1e1
-	    strncpy(cupsfilterpath, getenv("CUPS_SERVERBIN"),
faf1e1
-		    sizeof(cupsfilterpath));
faf1e1
+    if (getenv("CUPS_SERVERBIN")) {
faf1e1
+        strncpy(cupsfilterpath, getenv("CUPS_SERVERBIN"), sizeof(cupsfilterpath));
faf1e1
+        if (strlen(getenv("CUPS_SERVERBIN")) > PATH_MAX-1)
faf1e1
+          cupsfilterpath[PATH_MAX-1] = '\0';
faf1e1
+        }
faf1e1
     }
faf1e1
 
faf1e1
     /* Check status of printer color management from the color manager */
faf1e1
@@ -834,10 +845,14 @@ int main(int argc, char** argv)
faf1e1
            allow duplicates, and use the last specified one */
faf1e1
             while ((str = arglist_get_value(arglist, "-p"))) {
faf1e1
                 strncpy(job->ppdfile, str, 2048);
faf1e1
+                if (strlen(str) > 2047)
faf1e1
+                  job->ppdfile[2047] = '\0';
faf1e1
                 arglist_remove(arglist, "-p");
faf1e1
             }
faf1e1
 	    while ((str = arglist_get_value(arglist, "--ppd"))) {
faf1e1
 	        strncpy(job->ppdfile, str, 2048);
faf1e1
+	        if (strlen(str) > 2047)
faf1e1
+	          job->ppdfile[2047] = '\0';
faf1e1
 	        arglist_remove(arglist, "--ppd");
faf1e1
 	    }
faf1e1
 
faf1e1
@@ -1020,6 +1035,7 @@ int main(int argc, char** argv)
faf1e1
                   cmd[0] = '\0';
faf1e1
 
faf1e1
                 snprintf(gstoraster, sizeof(gstoraster), "gs -dQUIET -dDEBUG -dPARANOIDSAFER -dNOPAUSE -dBATCH -dNOINTERPOLATE -dNOMEDIAATTRS -sDEVICE=cups -dShowAcroForm %s -sOutputFile=- -", cmd);
faf1e1
+                free(icc_profile);
faf1e1
             }
faf1e1
 
faf1e1
             /* build Ghostscript/CUPS driver command line */
faf1e1
diff --git a/filter/foomatic-rip/options.c b/filter/foomatic-rip/options.c
faf1e1
index 325a0a6..798ddf9 100644
faf1e1
--- a/filter/foomatic-rip/options.c
faf1e1
+++ b/filter/foomatic-rip/options.c
faf1e1
@@ -1031,12 +1031,10 @@ int option_set_value(option_t *opt, int optionset, const char *value)
faf1e1
         /* TODO only set the changed option, not all of them */
faf1e1
         choice = option_find_choice(fromopt, 
faf1e1
                                     option_get_value(fromopt, optionset));
faf1e1
-
faf1e1
         composite_set_values(fromopt, optionset, choice->command);
faf1e1
-    }
faf1e1
-    else {
faf1e1
+	free(newvalue);
faf1e1
+    } else
faf1e1
         val->value = newvalue;
faf1e1
-    }
faf1e1
 
faf1e1
     if (option_is_composite(opt)) {
faf1e1
         /* set dependent values */
faf1e1
@@ -1914,6 +1912,8 @@ int ppd_supports_pdf()
faf1e1
     if (startswith(cmd, "gs"))
faf1e1
     {
faf1e1
         strncpy(cmd_pdf, cmd, 4096);
faf1e1
+        if (strlen(cmd) > 4095)
faf1e1
+          cmd_pdf[4095] = '\0';
faf1e1
         return 1;
faf1e1
     }
faf1e1
 
faf1e1
diff --git a/filter/foomatic-rip/spooler.c b/filter/foomatic-rip/spooler.c
faf1e1
index 236551f..4f27563 100644
faf1e1
--- a/filter/foomatic-rip/spooler.c
faf1e1
+++ b/filter/foomatic-rip/spooler.c
faf1e1
@@ -94,6 +94,8 @@ void init_cups(list_t *arglist, dstr_t *filelist, jobparams_t *job)
faf1e1
        CUPS puts the print queue name into the PRINTER environment variable
faf1e1
        when calling filters. */
faf1e1
     strncpy(job->printer, getenv("PRINTER"), 256);
faf1e1
+    if (strlen(getenv("PRINTER")) > 255)
faf1e1
+      job->printer[255] = '\0';
faf1e1
 
faf1e1
     free(cups_options);
faf1e1
 }
faf1e1
diff --git a/filter/pdftops.c b/filter/pdftops.c
faf1e1
index 55d2ec1..a648444 100644
faf1e1
--- a/filter/pdftops.c
faf1e1
+++ b/filter/pdftops.c
faf1e1
@@ -427,6 +427,8 @@ main(int  argc,				/* I - Number of command-line args */
faf1e1
   if ((val = cupsGetOption("make-and-model", num_options, options)) != NULL)
faf1e1
   {
faf1e1
     strncpy(make_model, val, sizeof(make_model));
faf1e1
+    if (strlen(val) > 127)
faf1e1
+      make_model[127] = '\0';
faf1e1
     for (ptr = make_model; *ptr; ptr ++)
faf1e1
       if (*ptr == '-') *ptr = ' ';
faf1e1
   }
faf1e1
diff --git a/filter/pdftoraster.cxx b/filter/pdftoraster.cxx
faf1e1
index 4cd656a..0c63ab8 100644
faf1e1
--- a/filter/pdftoraster.cxx
faf1e1
+++ b/filter/pdftoraster.cxx
faf1e1
@@ -558,8 +558,10 @@ static void parseOpts(int argc, char **argv)
faf1e1
     if (!cm_disabled) 
faf1e1
       cmGetPrinterIccProfile(getenv("PRINTER"), &profile, ppd);
faf1e1
 
faf1e1
-    if (profile != NULL)
faf1e1
-      colorProfile = cmsOpenProfileFromFile(profile,"r");    
faf1e1
+    if (profile != NULL) {
faf1e1
+      colorProfile = cmsOpenProfileFromFile(profile,"r");
faf1e1
+      free(profile);
faf1e1
+    }
faf1e1
 
faf1e1
 #ifdef HAVE_CUPS_1_7
faf1e1
     if ((attr = ppdFindAttr(ppd,"PWGRaster",0)) != 0 &&
faf1e1
diff --git a/filter/rastertoescpx.c b/filter/rastertoescpx.c
faf1e1
index 5a3e5df..a0ec416 100644
faf1e1
--- a/filter/rastertoescpx.c
faf1e1
+++ b/filter/rastertoescpx.c
faf1e1
@@ -1141,7 +1141,10 @@ EndPage(ppd_file_t         *ppd,	/* I - PPD file */
faf1e1
     }
faf1e1
   }
faf1e1
   else
faf1e1
+  {
faf1e1
     free(DotBuffers[0]);
faf1e1
+    DotBuffers[0] = NULL;
faf1e1
+  }
faf1e1
 
faf1e1
  /*
faf1e1
   * Output a page eject sequence...
faf1e1
@@ -1440,7 +1443,7 @@ CompressData(ppd_file_t          *ppd,	/* I - PPD file information */
faf1e1
 
faf1e1
     printf("\033i");
faf1e1
     putchar(ctable[PrinterPlanes - 1][plane]);
faf1e1
-    putchar(type != 0);
faf1e1
+    putchar((type != 0) ? '1': '0');
faf1e1
     putchar(BitPlanes);
faf1e1
     putchar(bytes & 255);
faf1e1
     putchar(bytes >> 8);
faf1e1
@@ -1470,7 +1473,7 @@ CompressData(ppd_file_t          *ppd,	/* I - PPD file information */
faf1e1
     bytes *= 8;
faf1e1
 
faf1e1
     printf("\033.");
faf1e1
-    putchar(type != 0);
faf1e1
+    putchar((type != 0) ? '1': '0');
faf1e1
     putchar(ystep);
faf1e1
     putchar(xstep);
faf1e1
     putchar(rows);
faf1e1
@@ -1907,6 +1910,10 @@ main(int  argc,				/* I - Number of command-line arguments */
faf1e1
   if (fd != 0)
faf1e1
     close(fd);
faf1e1
 
faf1e1
+  for (int i = 0; i < 7; i++)
faf1e1
+    if (DotBuffers[i] != NULL)
faf1e1
+      free(DotBuffers[i]);
faf1e1
+
faf1e1
   return (page == 0);
faf1e1
 }
faf1e1
 
faf1e1
diff --git a/filter/rastertops.c b/filter/rastertops.c
faf1e1
index d5d955b..531eb70 100644
faf1e1
--- a/filter/rastertops.c
faf1e1
+++ b/filter/rastertops.c
faf1e1
@@ -282,6 +282,8 @@ write_flate(cups_raster_t *ras,	        /* I - Image data */
faf1e1
       if (fwrite(out, 1, have, stdout) != have)
faf1e1
       {
faf1e1
 	(void)deflateEnd(&strm;;
faf1e1
+	if (convertedpix != NULL)
faf1e1
+	  free(convertedpix);
faf1e1
 	return Z_ERRNO;
faf1e1
       }
faf1e1
     } while (strm.avail_out == 0);
faf1e1
diff --git a/filter/sys5ippprinter.c b/filter/sys5ippprinter.c
faf1e1
index ad75551..9a92c8e 100644
faf1e1
--- a/filter/sys5ippprinter.c
faf1e1
+++ b/filter/sys5ippprinter.c
faf1e1
@@ -570,6 +570,8 @@ exec_filter(const char *filter,		/* I - Filter to execute */
faf1e1
 	dup2(fd, 2);
faf1e1
 	close(fd);
faf1e1
       }
faf1e1
+      else
faf1e1
+        close(fd);
faf1e1
       fcntl(2, F_SETFL, O_NDELAY);
faf1e1
     }
faf1e1
 
faf1e1
@@ -578,6 +580,8 @@ exec_filter(const char *filter,		/* I - Filter to execute */
faf1e1
       dup2(fd, 3);
faf1e1
       close(fd);
faf1e1
     }
faf1e1
+    else
faf1e1
+      close(fd);
faf1e1
     fcntl(3, F_SETFL, O_NDELAY);
faf1e1
 
faf1e1
     if ((fd = open("/dev/null", O_RDWR)) > 4)
faf1e1
@@ -585,6 +589,8 @@ exec_filter(const char *filter,		/* I - Filter to execute */
faf1e1
       dup2(fd, 4);
faf1e1
       close(fd);
faf1e1
     }
faf1e1
+    else
faf1e1
+      close(fd);
faf1e1
     fcntl(4, F_SETFL, O_NDELAY);
faf1e1
 
faf1e1
    /*
faf1e1
@@ -654,8 +660,11 @@ exec_filters(cups_array_t  *filters,	/* I - Array of filters to run */
faf1e1
   {
faf1e1
     next = (char *)cupsArrayNext(filters);
faf1e1
 
faf1e1
-    if (filter[0] == '/')
faf1e1
+    if (filter[0] == '/') {
faf1e1
       strncpy(program, filter, sizeof(program));
faf1e1
+      if (strlen(filter) > 1023)
faf1e1
+        program[1023] = '\0';
faf1e1
+    }
faf1e1
     else
faf1e1
     {
faf1e1
       if ((cups_serverbin = getenv("CUPS_SERVERBIN")) == NULL)
faf1e1
diff --git a/utils/cups-browsed.c b/utils/cups-browsed.c
faf1e1
index a2a4a08..19a2ac8 100644
faf1e1
--- a/utils/cups-browsed.c
faf1e1
+++ b/utils/cups-browsed.c
faf1e1
@@ -2245,7 +2245,10 @@ is_disabled(const char *printer, const char *reason) {
faf1e1
 	  pstate = (ipp_pstate_t)ippGetInteger(attr, 0);
faf1e1
 	else if (!strcmp(ippGetName(attr), "printer-state-message") &&
faf1e1
 		 ippGetValueTag(attr) == IPP_TAG_TEXT) {
faf1e1
-	  free(pstatemsg);
faf1e1
+	  if (pstatemsg != NULL) {
faf1e1
+	    free(pstatemsg);
faf1e1
+	    pstatemsg = NULL;
faf1e1
+	  }
faf1e1
 	  p = ippGetString(attr, 0, NULL);
faf1e1
 	  if (p != NULL) pstatemsg = strdup(p);
faf1e1
 	}
faf1e1
@@ -2262,16 +2265,22 @@ is_disabled(const char *printer, const char *reason) {
faf1e1
 	case IPP_PRINTER_IDLE:
faf1e1
 	case IPP_PRINTER_PROCESSING:
faf1e1
 	  ippDelete(response);
faf1e1
-	  free(pstatemsg);
faf1e1
+	  if (pstatemsg != NULL) {
faf1e1
+	    free(pstatemsg);
faf1e1
+	    pstatemsg = NULL;
faf1e1
+	  }
faf1e1
 	  return NULL;
faf1e1
 	case IPP_PRINTER_STOPPED:
faf1e1
 	  ippDelete(response);
faf1e1
 	  if (reason == NULL)
faf1e1
 	    return pstatemsg;
faf1e1
-	  else if (strcasestr(pstatemsg, reason) != NULL)
faf1e1
+	  else if (pstatemsg != NULL && (strcasestr(pstatemsg, reason) != NULL))
faf1e1
 	    return pstatemsg;
faf1e1
 	  else {
faf1e1
-	    free(pstatemsg);
faf1e1
+            if (pstatemsg != NULL) {
faf1e1
+                free(pstatemsg);
faf1e1
+                pstatemsg = NULL;
faf1e1
+            }
faf1e1
 	    return NULL;
faf1e1
 	  }
faf1e1
 	}
faf1e1
@@ -2280,12 +2289,18 @@ is_disabled(const char *printer, const char *reason) {
faf1e1
     debug_printf("No information regarding enabled/disabled found about the requested printer '%s'\n",
faf1e1
 		 printer);
faf1e1
     ippDelete(response);
faf1e1
-    free(pstatemsg);
faf1e1
+    if (pstatemsg != NULL) {
faf1e1
+      free(pstatemsg);
faf1e1
+      pstatemsg = NULL;
faf1e1
+    }
faf1e1
     return NULL;
faf1e1
   }
faf1e1
   debug_printf("ERROR: Request for printer info failed: %s\n",
faf1e1
 	       cupsLastErrorString());
faf1e1
-  free(pstatemsg);
faf1e1
+  if (pstatemsg != NULL) {
faf1e1
+    free(pstatemsg);
faf1e1
+    pstatemsg = NULL;
faf1e1
+  }
faf1e1
   return NULL;
faf1e1
 }
faf1e1
 
faf1e1
@@ -3040,6 +3055,8 @@ on_printer_state_changed (CupsNotifier *object,
faf1e1
 		      dest_host = p->ip ? p->ip : p->host;
faf1e1
 		      dest_port = p->port;
faf1e1
 		      strncpy(dest_name, remote_cups_queue, sizeof(dest_name));
faf1e1
+		      if (strlen(remote_cups_queue) > 1023)
faf1e1
+		        dest_name[1023] = '\0';
faf1e1
 		      dest_index = i;
faf1e1
 		      debug_printf("Printer %s on host %s, port %d is idle, take this as destination and stop searching.\n",
faf1e1
 				   remote_cups_queue, p->host, p->port);
faf1e1
@@ -3056,8 +3073,9 @@ on_printer_state_changed (CupsNotifier *object,
faf1e1
 			  min_jobs = num_jobs;
faf1e1
 			  dest_host = p->ip ? p->ip : p->host;
faf1e1
 			  dest_port = p->port;
faf1e1
-			  strncpy(dest_name, remote_cups_queue,
faf1e1
-				  sizeof(dest_name));
faf1e1
+			  strncpy(dest_name, remote_cups_queue, sizeof(dest_name));
faf1e1
+			  if (strlen(remote_cups_queue) > 1023)
faf1e1
+			    dest_name[1023] = '\0';
faf1e1
 			  dest_index = i;
faf1e1
 			}
faf1e1
 			debug_printf("Printer %s on host %s, port %d is printing and it has %d jobs.\n",
faf1e1
@@ -3566,8 +3584,9 @@ create_remote_printer_entry (const char *queue_name,
faf1e1
 				   IPP_TAG_KEYWORD)) != NULL) {
faf1e1
 	debug_printf("  Attr: %s\n", ippGetName(attr));
faf1e1
 	for (i = 0; i < ippGetCount(attr); i ++) {
faf1e1
-	  strncpy(valuebuffer, ippGetString(attr, i, NULL),
faf1e1
-		  sizeof(valuebuffer));
faf1e1
+	  strncpy(valuebuffer, ippGetString(attr, i, NULL), sizeof(valuebuffer));
faf1e1
+	  if (strlen(ippGetString(attr, i, NULL)) > 65535)
faf1e1
+	    valuebuffer[65535] = '\0';
faf1e1
 	  debug_printf("  Keyword: %s\n", valuebuffer);
faf1e1
 	  if (valuebuffer[0] > '1')
faf1e1
 	    break;
faf1e1
@@ -3598,8 +3617,9 @@ create_remote_printer_entry (const char *queue_name,
faf1e1
 	debug_printf("  Value: %s\n", valuebuffer);
faf1e1
 	if (valuebuffer[0] == '\0') {
faf1e1
 	  for (i = 0; i < ippGetCount(attr); i ++) {
faf1e1
-	    strncpy(valuebuffer, ippGetString(attr, i, NULL),
faf1e1
-		    sizeof(valuebuffer));
faf1e1
+	    strncpy(valuebuffer, ippGetString(attr, i, NULL), sizeof(valuebuffer));
faf1e1
+	    if (strlen(ippGetString(attr, i, NULL)) > 65535)
faf1e1
+	      valuebuffer[65535] = '\0';
faf1e1
 	    debug_printf("  Keyword: %s\n", valuebuffer);
faf1e1
 	    if (valuebuffer[0] != '\0')
faf1e1
 	      break;
faf1e1
@@ -3629,8 +3649,9 @@ create_remote_printer_entry (const char *queue_name,
faf1e1
 	debug_printf("  Value: %s\n", valuebuffer);
faf1e1
 	if (valuebuffer[0] == '\0') {
faf1e1
 	  for (i = 0; i < ippGetCount(attr); i ++) {
faf1e1
-	    strncpy(valuebuffer, ippGetString(attr, i, NULL),
faf1e1
-		    sizeof(valuebuffer));
faf1e1
+	    strncpy(valuebuffer, ippGetString(attr, i, NULL), sizeof(valuebuffer));
faf1e1
+	    if (strlen(ippGetString(attr, i, NULL)) > 65535)
faf1e1
+	      valuebuffer[65535] = '\0';
faf1e1
 	    debug_printf("  Keyword: %s\n", valuebuffer);
faf1e1
 	    if (valuebuffer[0] != '\0')
faf1e1
 	      break;
faf1e1
@@ -3663,8 +3684,9 @@ create_remote_printer_entry (const char *queue_name,
faf1e1
 	debug_printf("  Value: %s\n", p->queue_name, valuebuffer);
faf1e1
 	if (valuebuffer[0] == '\0') {
faf1e1
 	  for (i = 0; i < ippGetCount(attr); i ++) {
faf1e1
-	    strncpy(valuebuffer, ippGetString(attr, i, NULL),
faf1e1
-		    sizeof(valuebuffer));
faf1e1
+	    strncpy(valuebuffer, ippGetString(attr, i, NULL), sizeof(valuebuffer));
faf1e1
+	    if (strlen(ippGetString(attr, i, NULL)) > 65535)
faf1e1
+	      valuebuffer[65535] = '\0';
faf1e1
 	    debug_printf("  Keyword: %s\n", valuebuffer);
faf1e1
 	    if (valuebuffer[0] != '\0')
faf1e1
 	      break;
faf1e1
@@ -4498,6 +4520,8 @@ gboolean update_cups_queues(gpointer unused) {
faf1e1
       } else {
faf1e1
 	/* Device URI: ipp(s)://<remote host>:631/printers/<remote queue> */
faf1e1
 	strncpy(device_uri, p->uri, sizeof(device_uri));
faf1e1
+	if (strlen(p->uri) > HTTP_MAX_URI-1)
faf1e1
+	  device_uri[HTTP_MAX_URI-1] = '\0';
faf1e1
 	debug_printf("Print queue %s is for an IPP network printer, or we do not get notifications from CUPS, using direct device URI %s\n",
faf1e1
 		     p->queue_name, device_uri);
faf1e1
       }
faf1e1
@@ -4606,6 +4630,8 @@ gboolean update_cups_queues(gpointer unused) {
faf1e1
 	  } else if (!strncmp(line, "*Default", 8)) {
faf1e1
 	    cont_line_read = 0;
faf1e1
 	    strncpy(keyword, line + 8, sizeof(keyword));
faf1e1
+	    if ((strlen(line) + 8) > 1023)
faf1e1
+	      keyword[1023] = '\0';
faf1e1
 	    for (keyptr = keyword; *keyptr; keyptr ++)
faf1e1
 	      if (*keyptr == ':' || isspace(*keyptr & 255))
faf1e1
 		break;
faf1e1
@@ -7144,7 +7170,7 @@ read_configuration (const char *filename)
faf1e1
      in the configuration file is used. */
faf1e1
   while ((i < cupsArrayCount(command_line_config) &&
faf1e1
 	  (value = cupsArrayIndex(command_line_config, i++)) &&
faf1e1
-	  strncpy(line, value, sizeof(line))) ||
faf1e1
+	  strncpy(line, value, sizeof(line)) && ((strlen(value) > HTTP_MAX_BUFFER-1)? line[HTTP_MAX_BUFFER-1] = '\0':  1)) ||
faf1e1
 	 cupsFileGetConf(fp, line, sizeof(line), &value, &linenum)) {
faf1e1
     if (linenum < 0) {
faf1e1
       /* We are still reading options from the command line ("-o ..."),
faf1e1
@@ -7371,6 +7397,7 @@ read_configuration (const char *filename)
faf1e1
 	if (filter->cregexp)
faf1e1
 	  regfree(filter->cregexp);
faf1e1
 	free(filter);
faf1e1
+	filter = NULL;
faf1e1
       }
faf1e1
     } else if ((!strcasecmp(line, "BrowseInterval") || !strcasecmp(line, "BrowseTimeout")) && value) {
faf1e1
       int t = atoi(value);
faf1e1
@@ -7386,8 +7413,11 @@ read_configuration (const char *filename)
faf1e1
 	debug_printf("Invalid %s value: %d\n",
faf1e1
 		     line, t);
faf1e1
     } else if (!strcasecmp(line, "DomainSocket") && value) {
faf1e1
-      if (value[0] != '\0')
faf1e1
+      if (value[0] != '\0') {
faf1e1
+	if (DomainSocket != NULL)
faf1e1
+	  free(DomainSocket);
faf1e1
 	DomainSocket = strdup(value);
faf1e1
+      }
faf1e1
     } else if ((!strcasecmp(line, "HttpLocalTimeout") || !strcasecmp(line, "HttpRemoteTimeout")) && value) {
faf1e1
       int t = atoi(value);
faf1e1
       if (t >= 0) {
faf1e1
@@ -7555,6 +7585,10 @@ read_configuration (const char *filename)
faf1e1
 	}
faf1e1
       }
faf1e1
       cupsArrayAdd (clusters, cluster);
faf1e1
+      if (start != NULL) {
faf1e1
+        free(start);
faf1e1
+        start = NULL;
faf1e1
+      }
faf1e1
       continue;
faf1e1
     cluster_fail:
faf1e1
       if (cluster) {
faf1e1
@@ -7568,6 +7602,11 @@ read_configuration (const char *filename)
faf1e1
 	  cupsArrayDelete (cluster->members);
faf1e1
 	}
faf1e1
 	free(cluster);
faf1e1
+        cluster = NULL;
faf1e1
+      }
faf1e1
+      if (start != NULL) {
faf1e1
+        free(start);
faf1e1
+        start = NULL;
faf1e1
       }
faf1e1
     } else if (!strcasecmp(line, "LoadBalancing") && value) {
faf1e1
       if (!strncasecmp(value, "QueueOnClient", 13))
faf1e1
@@ -7575,7 +7614,7 @@ read_configuration (const char *filename)
faf1e1
       else if (!strncasecmp(value, "QueueOnServers", 14))
faf1e1
 	LoadBalancingType = QUEUE_ON_SERVERS;
faf1e1
     } else if (!strcasecmp(line, "DefaultOptions") && value) {
faf1e1
-      if (strlen(value) > 0)
faf1e1
+      if (DefaultOptions == NULL && strlen(value) > 0)
faf1e1
 	DefaultOptions = strdup(value);
faf1e1
     } else if (!strcasecmp(line, "AutoShutdown") && value) {
faf1e1
       char *p, *saveptr;
faf1e1
@@ -7949,10 +7988,12 @@ int main(int argc, char*argv[]) {
faf1e1
      daemon, not with remote ones. */
faf1e1
   if (getenv("CUPS_SERVER") != NULL) {
faf1e1
     strncpy(local_server_str, getenv("CUPS_SERVER"), sizeof(local_server_str));
faf1e1
+    if (strlen(getenv("CUPS_SERVER")) > 1023)
faf1e1
+      local_server_str[1023] = '\0';
faf1e1
   } else {
faf1e1
 #ifdef CUPS_DEFAULT_DOMAINSOCKET
faf1e1
     if (DomainSocket == NULL)
faf1e1
-      DomainSocket = CUPS_DEFAULT_DOMAINSOCKET;
faf1e1
+      DomainSocket = strdup(CUPS_DEFAULT_DOMAINSOCKET);
faf1e1
 #endif
faf1e1
     if (DomainSocket != NULL) {
faf1e1
       struct stat sockinfo;               /* Domain socket information */
faf1e1
@@ -8293,6 +8334,11 @@ fail:
faf1e1
   if (debug_logfile == 1)
faf1e1
     stop_debug_logging();
faf1e1
 
faf1e1
+  if (DefaultOptions != NULL)
faf1e1
+    free(DefaultOptions);
faf1e1
+  if (DomainSocket != NULL)
faf1e1
+    free(DomainSocket);
faf1e1
+
faf1e1
   return ret;
faf1e1
 
faf1e1
  help:
faf1e1
diff --git a/utils/driverless.c b/utils/driverless.c
faf1e1
index 7fc6dae..fe61e58 100644
faf1e1
--- a/utils/driverless.c
faf1e1
+++ b/utils/driverless.c
faf1e1
@@ -227,12 +227,16 @@ list_printers (int mode)
faf1e1
 	
faf1e1
 	if (txt_usb_mfg[0] != '\0') {
faf1e1
 	  strncpy(make, txt_usb_mfg, sizeof(make));
faf1e1
+	  if (strlen(txt_usb_mfg) > 511)
faf1e1
+	    make[511] = '\0';
faf1e1
 	  ptr = device_id + strlen(device_id);
faf1e1
 	  snprintf(ptr, sizeof(device_id) - (size_t)(ptr - device_id),
faf1e1
 		   "MFG:%s;", txt_usb_mfg);
faf1e1
 	}
faf1e1
 	if (txt_usb_mdl[0] != '\0') {
faf1e1
 	  strncpy(model, txt_usb_mdl, sizeof(model));
faf1e1
+	  if (strlen(txt_usb_mdl) > 255)
faf1e1
+	    model[255] = '\0';
faf1e1
 	  ptr = device_id + strlen(device_id);
faf1e1
 	  snprintf(ptr, sizeof(device_id) - (size_t)(ptr - device_id),
faf1e1
 		   "MDL:%s;", txt_usb_mdl);
faf1e1
@@ -243,15 +247,22 @@ list_printers (int mode)
faf1e1
 		*ptr == ')')
faf1e1
 	      *ptr = '\0';
faf1e1
 	    strncpy(model, txt_product + 1, sizeof(model));
faf1e1
+	    if ((strlen(txt_product) + 1) > 255)
faf1e1
+	      model[255] = '\0';
faf1e1
 	  } else
faf1e1
 	    strncpy(model, txt_product, sizeof(model));
faf1e1
 	} else if (txt_ty[0] != '\0') {
faf1e1
 	  strncpy(model, txt_ty, sizeof(model));
faf1e1
+	  if (strlen(txt_ty) > 255)
faf1e1
+	    model[255] = '\0';
faf1e1
 	  if ((ptr = strchr(model, ',')) != NULL)
faf1e1
 	    *ptr = '\0';
faf1e1
 	}
faf1e1
-	if (txt_pdl[0] != '\0')
faf1e1
+	if (txt_pdl[0] != '\0') {
faf1e1
 	  strncpy(pdl, txt_pdl, sizeof(pdl));
faf1e1
+	  if (strlen(txt_pdl) > 255)
faf1e1
+	    pdl[255] = '\0';
faf1e1
+	}
faf1e1
 
faf1e1
 	if (!device_id[0] && strcasecmp(model, "Unknown")) {
faf1e1
 	  if (make[0])