diff -up cups-filters-1.0.35/utils/cups-browsed.c.CVE-2014-4338 cups-filters-1.0.35/utils/cups-browsed.c
--- cups-filters-1.0.35/utils/cups-browsed.c.CVE-2014-4338	2014-10-08 14:10:19.389201254 +0100
+++ cups-filters-1.0.35/utils/cups-browsed.c	2014-10-08 16:24:09.648892671 +0100
@@ -91,7 +91,8 @@ typedef struct netif_s {
 /* Data structure for browse allow/deny rules */
 typedef enum allow_type_e {
   ALLOW_IP,
-  ALLOW_NET
+  ALLOW_NET,
+  ALLOW_INVALID
 } allow_type_t;
 typedef struct allow_s {
   allow_type_t type;
@@ -1094,6 +1095,9 @@ allowed (struct sockaddr *srcaddr)
        allow;
        allow = cupsArrayNext (browseallow)) {
     switch (allow->type) {
+    case ALLOW_INVALID:
+      break;
+
     case ALLOW_IP:
       switch (srcaddr->sa_family) {
       case AF_INET:
@@ -1699,6 +1703,8 @@ read_browseallow_value (const char *valu
   char *p;
   struct in_addr addr;
   allow_t *allow = calloc (1, sizeof (allow_t));
+  if (value == NULL)
+    goto fail;
   p = strchr (value, '/');
   if (p) {
     char *s = strdup (value);
@@ -1741,7 +1747,8 @@ read_browseallow_value (const char *valu
   return 0;
 
 fail:
-  free (allow);
+  allow->type = ALLOW_INVALID;
+  cupsArrayAdd (browseallow, allow);
   return 1;
 }
 
@@ -1798,7 +1805,7 @@ read_configuration (const char *filename
 	debug_printf("cups-browsed: Adding BrowsePoll server: %s\n", value);
 	BrowsePoll[NumBrowsePoll++] = strdup (value);
       }
-    } else if (!strcasecmp(line, "BrowseAllow") && value)
+    } else if (!strcasecmp(line, "BrowseAllow"))
       if (read_browseallow_value (value))
 	debug_printf ("cups-browsed: BrowseAllow value \"%s\" not understood\n",
 		      value);