diff --git a/backend/beh.c b/backend/beh.c
index 9ba6613..7514e33 100644
--- a/backend/beh.c
+++ b/backend/beh.c
@@ -223,6 +223,8 @@ call_backend(char *uri, /* I - URI of final destination */
*/
strncpy(scheme, uri, sizeof(scheme));
+ if (strlen(uri) > 1023)
+ scheme[1023] = '\0';
if ((ptr = strchr(scheme, ':')) != NULL)
*ptr = '\0';
diff --git a/backend/implicitclass.c b/backend/implicitclass.c
index 3ce4d10..1593191 100644
--- a/backend/implicitclass.c
+++ b/backend/implicitclass.c
@@ -104,6 +104,8 @@ main(int argc, /* I - Number of command-line args */
}
ptr1 ++;
strncpy(queue_name, ptr1, sizeof(queue_name));
+ if (strlen(ptr1) > 1023)
+ queue_name[1023] = '\0';
httpAssembleURIf(HTTP_URI_CODING_ALL, uri, sizeof(uri), "ipp", NULL,
"localhost", ippPort(), "/printers/%s", queue_name);
job_id = argv[1];
@@ -162,6 +164,8 @@ main(int argc, /* I - Number of command-line args */
/* Read destination host name (or message) and check whether it is
complete (second double quote) */
strncpy(dest_host, ptr1, sizeof(dest_host));
+ if (strlen(ptr1) > 1023)
+ dest_host[1023] = '\0';
ptr1 = dest_host;
if ((ptr2 = strchr(ptr1, '"')) != NULL) {
*ptr2 = '\0';
diff --git a/cupsfilters/colormanager.c b/cupsfilters/colormanager.c
index 70074a3..a4a929d 100644
--- a/cupsfilters/colormanager.c
+++ b/cupsfilters/colormanager.c
@@ -272,6 +272,9 @@ _get_colord_profile(const char *printer_name, /* Dest name */
free(qualifier);
}
+ if (icc_profile != NULL)
+ free(icc_profile);
+
return is_profile_set;
}
@@ -325,8 +328,11 @@ _get_ppd_icc_fallback (ppd_file_t *ppd, char **qualifier)
if (attr->value[0] != '/')
snprintf(full_path, sizeof(full_path),
"%s/profiles/%s", CUPSDATA, attr->value);
- else
+ else {
strncpy(full_path, attr->value, sizeof(full_path));
+ if (strlen(attr->value) > 1023)
+ full_path[1023] = '\0';
+ }
/* check the file exists */
if (access(full_path, 0)) {
diff --git a/cupsfilters/image-sgilib.c b/cupsfilters/image-sgilib.c
index 0b70c13..bf2dd80 100644
--- a/cupsfilters/image-sgilib.c
+++ b/cupsfilters/image-sgilib.c
@@ -282,7 +282,7 @@ sgiOpenFile(FILE *file, /* I - File to open */
sgip->mode = SGI_WRITE;
putshort(SGI_MAGIC, sgip->file);
- putc((sgip->comp = comp) != 0, sgip->file);
+ putc(((sgip->comp = comp) != 0) ? '1': '0', sgip->file);
putc(sgip->bpp = bpp, sgip->file);
putshort(3, sgip->file); /* Dimensions */
putshort(sgip->xsize = xsize, sgip->file);
diff --git a/cupsfilters/image-sun.c b/cupsfilters/image-sun.c
index 609b194..989d039 100644
--- a/cupsfilters/image-sun.c
+++ b/cupsfilters/image-sun.c
@@ -114,6 +114,7 @@ _cupsImageReadSunRaster(
ras_depth == 0 || ras_depth > 32)
{
fputs("DEBUG: Raster image cannot be loaded!\n", stderr);
+ fclose(fp);
return (1);
}
diff --git a/cupsfilters/ppdgenerator.c b/cupsfilters/ppdgenerator.c
index 052e3c5..3bc4d8a 100644
--- a/cupsfilters/ppdgenerator.c
+++ b/cupsfilters/ppdgenerator.c
@@ -937,6 +937,10 @@ load_opt_strings_catalog(const char *location, cups_array_t *options)
}
}
cupsFileClose(fp);
+ if (choice_name != NULL)
+ free(choice_name);
+ if (opt_name != NULL)
+ free(opt_name);
if (filename == tmpfile)
unlink(filename);
}
diff --git a/cupsfilters/raster.c b/cupsfilters/raster.c
index 8203690..67d6b9b 100644
--- a/cupsfilters/raster.c
+++ b/cupsfilters/raster.c
@@ -151,11 +151,14 @@ cupsRasterParseIPPOptions(cups_page_header2_t *h, /* I - Raster header */
strcasestr(s, "right") ||
strcasestr(s, "side") ||
strcasestr(s, "main"))
- media_source = strdup(s);
+ {
+ if (media_source == NULL)
+ media_source = strdup(s);
+ }
else
media_type = strdup(s);
}
- if (size_found)
+ if (page_size == NULL && size_found)
page_size = strdup(size_found->pwg);
}
}
@@ -1079,6 +1082,13 @@ cupsRasterParseIPPOptions(cups_page_header2_t *h, /* I - Raster header */
h->cupsRenderingIntent[0] = '\0';
#endif /* HAVE_CUPS_1_7 */
+ if (media_source != NULL)
+ free(media_source);
+ if (media_type != NULL)
+ free(media_type);
+ if (page_size != NULL)
+ free(page_size);
+
return (0);
}
diff --git a/filter/bannertopdf.c b/filter/bannertopdf.c
index b78ea37..2b9bd76 100644
--- a/filter/bannertopdf.c
+++ b/filter/bannertopdf.c
@@ -513,6 +513,15 @@ static int generate_banner_pdf(banner_t *banner,
pdf_duplicate_page(doc, 1, copies);
pdf_write(doc, stdout);
+
+ opt_t * opt_current = known_opts;
+ opt_t * opt_next = NULL;
+ while (opt_current != NULL)
+ {
+ opt_next = opt_current->next;
+ free(opt_current);
+ opt_current = opt_next;
+ }
free(buf);
pdf_free(doc);
return 0;
diff --git a/filter/foomatic-rip/foomaticrip.c b/filter/foomatic-rip/foomaticrip.c
index 2a642ed..13d2035 100644
--- a/filter/foomatic-rip/foomaticrip.c
+++ b/filter/foomatic-rip/foomaticrip.c
@@ -666,6 +666,11 @@ int print_file(const char *filename, int convert)
ret = print_file("<STDIN>", 0);
wait_for_process(renderer_pid);
+ if (in != NULL)
+ fclose(in);
+ if (out != NULL)
+ fclose(out);
+
return ret;
}
@@ -683,6 +688,8 @@ int print_file(const char *filename, int convert)
case UNKNOWN_FILE:
_log("Cannot process \"%s\": Unknown filetype.\n", filename);
+ if (file != NULL)
+ fclose(file);
return 0;
}
@@ -811,10 +818,14 @@ int main(int argc, char** argv)
if (getenv("PPD")) {
strncpy(job->ppdfile, getenv("PPD"), 2048);
+ if (strlen(getenv("PPD")) > 2047)
+ job->ppdfile[2047] = '\0';
spooler = SPOOLER_CUPS;
- if (getenv("CUPS_SERVERBIN"))
- strncpy(cupsfilterpath, getenv("CUPS_SERVERBIN"),
- sizeof(cupsfilterpath));
+ if (getenv("CUPS_SERVERBIN")) {
+ strncpy(cupsfilterpath, getenv("CUPS_SERVERBIN"), sizeof(cupsfilterpath));
+ if (strlen(getenv("CUPS_SERVERBIN")) > PATH_MAX-1)
+ cupsfilterpath[PATH_MAX-1] = '\0';
+ }
}
/* Check status of printer color management from the color manager */
@@ -834,10 +845,14 @@ int main(int argc, char** argv)
allow duplicates, and use the last specified one */
while ((str = arglist_get_value(arglist, "-p"))) {
strncpy(job->ppdfile, str, 2048);
+ if (strlen(str) > 2047)
+ job->ppdfile[2047] = '\0';
arglist_remove(arglist, "-p");
}
while ((str = arglist_get_value(arglist, "--ppd"))) {
strncpy(job->ppdfile, str, 2048);
+ if (strlen(str) > 2047)
+ job->ppdfile[2047] = '\0';
arglist_remove(arglist, "--ppd");
}
@@ -1020,6 +1035,7 @@ int main(int argc, char** argv)
cmd[0] = '\0';
snprintf(gstoraster, sizeof(gstoraster), "gs -dQUIET -dDEBUG -dPARANOIDSAFER -dNOPAUSE -dBATCH -dNOINTERPOLATE -dNOMEDIAATTRS -sDEVICE=cups -dShowAcroForm %s -sOutputFile=- -", cmd);
+ free(icc_profile);
}
/* build Ghostscript/CUPS driver command line */
diff --git a/filter/foomatic-rip/options.c b/filter/foomatic-rip/options.c
index 325a0a6..798ddf9 100644
--- a/filter/foomatic-rip/options.c
+++ b/filter/foomatic-rip/options.c
@@ -1031,12 +1031,10 @@ int option_set_value(option_t *opt, int optionset, const char *value)
/* TODO only set the changed option, not all of them */
choice = option_find_choice(fromopt,
option_get_value(fromopt, optionset));
-
composite_set_values(fromopt, optionset, choice->command);
- }
- else {
+ free(newvalue);
+ } else
val->value = newvalue;
- }
if (option_is_composite(opt)) {
/* set dependent values */
@@ -1914,6 +1912,8 @@ int ppd_supports_pdf()
if (startswith(cmd, "gs"))
{
strncpy(cmd_pdf, cmd, 4096);
+ if (strlen(cmd) > 4095)
+ cmd_pdf[4095] = '\0';
return 1;
}
diff --git a/filter/foomatic-rip/spooler.c b/filter/foomatic-rip/spooler.c
index 236551f..4f27563 100644
--- a/filter/foomatic-rip/spooler.c
+++ b/filter/foomatic-rip/spooler.c
@@ -94,6 +94,8 @@ void init_cups(list_t *arglist, dstr_t *filelist, jobparams_t *job)
CUPS puts the print queue name into the PRINTER environment variable
when calling filters. */
strncpy(job->printer, getenv("PRINTER"), 256);
+ if (strlen(getenv("PRINTER")) > 255)
+ job->printer[255] = '\0';
free(cups_options);
}
diff --git a/filter/pdftops.c b/filter/pdftops.c
index 55d2ec1..a648444 100644
--- a/filter/pdftops.c
+++ b/filter/pdftops.c
@@ -427,6 +427,8 @@ main(int argc, /* I - Number of command-line args */
if ((val = cupsGetOption("make-and-model", num_options, options)) != NULL)
{
strncpy(make_model, val, sizeof(make_model));
+ if (strlen(val) > 127)
+ make_model[127] = '\0';
for (ptr = make_model; *ptr; ptr ++)
if (*ptr == '-') *ptr = ' ';
}
diff --git a/filter/pdftoraster.cxx b/filter/pdftoraster.cxx
index 4cd656a..0c63ab8 100644
--- a/filter/pdftoraster.cxx
+++ b/filter/pdftoraster.cxx
@@ -558,8 +558,10 @@ static void parseOpts(int argc, char **argv)
if (!cm_disabled)
cmGetPrinterIccProfile(getenv("PRINTER"), &profile, ppd);
- if (profile != NULL)
- colorProfile = cmsOpenProfileFromFile(profile,"r");
+ if (profile != NULL) {
+ colorProfile = cmsOpenProfileFromFile(profile,"r");
+ free(profile);
+ }
#ifdef HAVE_CUPS_1_7
if ((attr = ppdFindAttr(ppd,"PWGRaster",0)) != 0 &&
diff --git a/filter/rastertoescpx.c b/filter/rastertoescpx.c
index 5a3e5df..a0ec416 100644
--- a/filter/rastertoescpx.c
+++ b/filter/rastertoescpx.c
@@ -1141,7 +1141,10 @@ EndPage(ppd_file_t *ppd, /* I - PPD file */
}
}
else
+ {
free(DotBuffers[0]);
+ DotBuffers[0] = NULL;
+ }
/*
* Output a page eject sequence...
@@ -1440,7 +1443,7 @@ CompressData(ppd_file_t *ppd, /* I - PPD file information */
printf("\033i");
putchar(ctable[PrinterPlanes - 1][plane]);
- putchar(type != 0);
+ putchar((type != 0) ? '1': '0');
putchar(BitPlanes);
putchar(bytes & 255);
putchar(bytes >> 8);
@@ -1470,7 +1473,7 @@ CompressData(ppd_file_t *ppd, /* I - PPD file information */
bytes *= 8;
printf("\033.");
- putchar(type != 0);
+ putchar((type != 0) ? '1': '0');
putchar(ystep);
putchar(xstep);
putchar(rows);
@@ -1907,6 +1910,10 @@ main(int argc, /* I - Number of command-line arguments */
if (fd != 0)
close(fd);
+ for (int i = 0; i < 7; i++)
+ if (DotBuffers[i] != NULL)
+ free(DotBuffers[i]);
+
return (page == 0);
}
diff --git a/filter/rastertops.c b/filter/rastertops.c
index d5d955b..531eb70 100644
--- a/filter/rastertops.c
+++ b/filter/rastertops.c
@@ -282,6 +282,8 @@ write_flate(cups_raster_t *ras, /* I - Image data */
if (fwrite(out, 1, have, stdout) != have)
{
(void)deflateEnd(&strm);
+ if (convertedpix != NULL)
+ free(convertedpix);
return Z_ERRNO;
}
} while (strm.avail_out == 0);
diff --git a/filter/sys5ippprinter.c b/filter/sys5ippprinter.c
index ad75551..9a92c8e 100644
--- a/filter/sys5ippprinter.c
+++ b/filter/sys5ippprinter.c
@@ -570,6 +570,8 @@ exec_filter(const char *filter, /* I - Filter to execute */
dup2(fd, 2);
close(fd);
}
+ else
+ close(fd);
fcntl(2, F_SETFL, O_NDELAY);
}
@@ -578,6 +580,8 @@ exec_filter(const char *filter, /* I - Filter to execute */
dup2(fd, 3);
close(fd);
}
+ else
+ close(fd);
fcntl(3, F_SETFL, O_NDELAY);
if ((fd = open("/dev/null", O_RDWR)) > 4)
@@ -585,6 +589,8 @@ exec_filter(const char *filter, /* I - Filter to execute */
dup2(fd, 4);
close(fd);
}
+ else
+ close(fd);
fcntl(4, F_SETFL, O_NDELAY);
/*
@@ -654,8 +660,11 @@ exec_filters(cups_array_t *filters, /* I - Array of filters to run */
{
next = (char *)cupsArrayNext(filters);
- if (filter[0] == '/')
+ if (filter[0] == '/') {
strncpy(program, filter, sizeof(program));
+ if (strlen(filter) > 1023)
+ program[1023] = '\0';
+ }
else
{
if ((cups_serverbin = getenv("CUPS_SERVERBIN")) == NULL)
diff --git a/utils/cups-browsed.c b/utils/cups-browsed.c
index a2a4a08..19a2ac8 100644
--- a/utils/cups-browsed.c
+++ b/utils/cups-browsed.c
@@ -2245,7 +2245,10 @@ is_disabled(const char *printer, const char *reason) {
pstate = (ipp_pstate_t)ippGetInteger(attr, 0);
else if (!strcmp(ippGetName(attr), "printer-state-message") &&
ippGetValueTag(attr) == IPP_TAG_TEXT) {
- free(pstatemsg);
+ if (pstatemsg != NULL) {
+ free(pstatemsg);
+ pstatemsg = NULL;
+ }
p = ippGetString(attr, 0, NULL);
if (p != NULL) pstatemsg = strdup(p);
}
@@ -2262,16 +2265,22 @@ is_disabled(const char *printer, const char *reason) {
case IPP_PRINTER_IDLE:
case IPP_PRINTER_PROCESSING:
ippDelete(response);
- free(pstatemsg);
+ if (pstatemsg != NULL) {
+ free(pstatemsg);
+ pstatemsg = NULL;
+ }
return NULL;
case IPP_PRINTER_STOPPED:
ippDelete(response);
if (reason == NULL)
return pstatemsg;
- else if (strcasestr(pstatemsg, reason) != NULL)
+ else if (pstatemsg != NULL && (strcasestr(pstatemsg, reason) != NULL))
return pstatemsg;
else {
- free(pstatemsg);
+ if (pstatemsg != NULL) {
+ free(pstatemsg);
+ pstatemsg = NULL;
+ }
return NULL;
}
}
@@ -2280,12 +2289,18 @@ is_disabled(const char *printer, const char *reason) {
debug_printf("No information regarding enabled/disabled found about the requested printer '%s'\n",
printer);
ippDelete(response);
- free(pstatemsg);
+ if (pstatemsg != NULL) {
+ free(pstatemsg);
+ pstatemsg = NULL;
+ }
return NULL;
}
debug_printf("ERROR: Request for printer info failed: %s\n",
cupsLastErrorString());
- free(pstatemsg);
+ if (pstatemsg != NULL) {
+ free(pstatemsg);
+ pstatemsg = NULL;
+ }
return NULL;
}
@@ -3040,6 +3055,8 @@ on_printer_state_changed (CupsNotifier *object,
dest_host = p->ip ? p->ip : p->host;
dest_port = p->port;
strncpy(dest_name, remote_cups_queue, sizeof(dest_name));
+ if (strlen(remote_cups_queue) > 1023)
+ dest_name[1023] = '\0';
dest_index = i;
debug_printf("Printer %s on host %s, port %d is idle, take this as destination and stop searching.\n",
remote_cups_queue, p->host, p->port);
@@ -3056,8 +3073,9 @@ on_printer_state_changed (CupsNotifier *object,
min_jobs = num_jobs;
dest_host = p->ip ? p->ip : p->host;
dest_port = p->port;
- strncpy(dest_name, remote_cups_queue,
- sizeof(dest_name));
+ strncpy(dest_name, remote_cups_queue, sizeof(dest_name));
+ if (strlen(remote_cups_queue) > 1023)
+ dest_name[1023] = '\0';
dest_index = i;
}
debug_printf("Printer %s on host %s, port %d is printing and it has %d jobs.\n",
@@ -3566,8 +3584,9 @@ create_remote_printer_entry (const char *queue_name,
IPP_TAG_KEYWORD)) != NULL) {
debug_printf(" Attr: %s\n", ippGetName(attr));
for (i = 0; i < ippGetCount(attr); i ++) {
- strncpy(valuebuffer, ippGetString(attr, i, NULL),
- sizeof(valuebuffer));
+ strncpy(valuebuffer, ippGetString(attr, i, NULL), sizeof(valuebuffer));
+ if (strlen(ippGetString(attr, i, NULL)) > 65535)
+ valuebuffer[65535] = '\0';
debug_printf(" Keyword: %s\n", valuebuffer);
if (valuebuffer[0] > '1')
break;
@@ -3598,8 +3617,9 @@ create_remote_printer_entry (const char *queue_name,
debug_printf(" Value: %s\n", valuebuffer);
if (valuebuffer[0] == '\0') {
for (i = 0; i < ippGetCount(attr); i ++) {
- strncpy(valuebuffer, ippGetString(attr, i, NULL),
- sizeof(valuebuffer));
+ strncpy(valuebuffer, ippGetString(attr, i, NULL), sizeof(valuebuffer));
+ if (strlen(ippGetString(attr, i, NULL)) > 65535)
+ valuebuffer[65535] = '\0';
debug_printf(" Keyword: %s\n", valuebuffer);
if (valuebuffer[0] != '\0')
break;
@@ -3629,8 +3649,9 @@ create_remote_printer_entry (const char *queue_name,
debug_printf(" Value: %s\n", valuebuffer);
if (valuebuffer[0] == '\0') {
for (i = 0; i < ippGetCount(attr); i ++) {
- strncpy(valuebuffer, ippGetString(attr, i, NULL),
- sizeof(valuebuffer));
+ strncpy(valuebuffer, ippGetString(attr, i, NULL), sizeof(valuebuffer));
+ if (strlen(ippGetString(attr, i, NULL)) > 65535)
+ valuebuffer[65535] = '\0';
debug_printf(" Keyword: %s\n", valuebuffer);
if (valuebuffer[0] != '\0')
break;
@@ -3663,8 +3684,9 @@ create_remote_printer_entry (const char *queue_name,
debug_printf(" Value: %s\n", p->queue_name, valuebuffer);
if (valuebuffer[0] == '\0') {
for (i = 0; i < ippGetCount(attr); i ++) {
- strncpy(valuebuffer, ippGetString(attr, i, NULL),
- sizeof(valuebuffer));
+ strncpy(valuebuffer, ippGetString(attr, i, NULL), sizeof(valuebuffer));
+ if (strlen(ippGetString(attr, i, NULL)) > 65535)
+ valuebuffer[65535] = '\0';
debug_printf(" Keyword: %s\n", valuebuffer);
if (valuebuffer[0] != '\0')
break;
@@ -4498,6 +4520,8 @@ gboolean update_cups_queues(gpointer unused) {
} else {
/* Device URI: ipp(s)://<remote host>:631/printers/<remote queue> */
strncpy(device_uri, p->uri, sizeof(device_uri));
+ if (strlen(p->uri) > HTTP_MAX_URI-1)
+ device_uri[HTTP_MAX_URI-1] = '\0';
debug_printf("Print queue %s is for an IPP network printer, or we do not get notifications from CUPS, using direct device URI %s\n",
p->queue_name, device_uri);
}
@@ -4606,6 +4630,8 @@ gboolean update_cups_queues(gpointer unused) {
} else if (!strncmp(line, "*Default", 8)) {
cont_line_read = 0;
strncpy(keyword, line + 8, sizeof(keyword));
+ if ((strlen(line) + 8) > 1023)
+ keyword[1023] = '\0';
for (keyptr = keyword; *keyptr; keyptr ++)
if (*keyptr == ':' || isspace(*keyptr & 255))
break;
@@ -7144,7 +7170,7 @@ read_configuration (const char *filename)
in the configuration file is used. */
while ((i < cupsArrayCount(command_line_config) &&
(value = cupsArrayIndex(command_line_config, i++)) &&
- strncpy(line, value, sizeof(line))) ||
+ strncpy(line, value, sizeof(line)) && ((strlen(value) > HTTP_MAX_BUFFER-1)? line[HTTP_MAX_BUFFER-1] = '\0': 1)) ||
cupsFileGetConf(fp, line, sizeof(line), &value, &linenum)) {
if (linenum < 0) {
/* We are still reading options from the command line ("-o ..."),
@@ -7371,6 +7397,7 @@ read_configuration (const char *filename)
if (filter->cregexp)
regfree(filter->cregexp);
free(filter);
+ filter = NULL;
}
} else if ((!strcasecmp(line, "BrowseInterval") || !strcasecmp(line, "BrowseTimeout")) && value) {
int t = atoi(value);
@@ -7386,8 +7413,11 @@ read_configuration (const char *filename)
debug_printf("Invalid %s value: %d\n",
line, t);
} else if (!strcasecmp(line, "DomainSocket") && value) {
- if (value[0] != '\0')
+ if (value[0] != '\0') {
+ if (DomainSocket != NULL)
+ free(DomainSocket);
DomainSocket = strdup(value);
+ }
} else if ((!strcasecmp(line, "HttpLocalTimeout") || !strcasecmp(line, "HttpRemoteTimeout")) && value) {
int t = atoi(value);
if (t >= 0) {
@@ -7555,6 +7585,10 @@ read_configuration (const char *filename)
}
}
cupsArrayAdd (clusters, cluster);
+ if (start != NULL) {
+ free(start);
+ start = NULL;
+ }
continue;
cluster_fail:
if (cluster) {
@@ -7568,6 +7602,11 @@ read_configuration (const char *filename)
cupsArrayDelete (cluster->members);
}
free(cluster);
+ cluster = NULL;
+ }
+ if (start != NULL) {
+ free(start);
+ start = NULL;
}
} else if (!strcasecmp(line, "LoadBalancing") && value) {
if (!strncasecmp(value, "QueueOnClient", 13))
@@ -7575,7 +7614,7 @@ read_configuration (const char *filename)
else if (!strncasecmp(value, "QueueOnServers", 14))
LoadBalancingType = QUEUE_ON_SERVERS;
} else if (!strcasecmp(line, "DefaultOptions") && value) {
- if (strlen(value) > 0)
+ if (DefaultOptions == NULL && strlen(value) > 0)
DefaultOptions = strdup(value);
} else if (!strcasecmp(line, "AutoShutdown") && value) {
char *p, *saveptr;
@@ -7949,10 +7988,12 @@ int main(int argc, char*argv[]) {
daemon, not with remote ones. */
if (getenv("CUPS_SERVER") != NULL) {
strncpy(local_server_str, getenv("CUPS_SERVER"), sizeof(local_server_str));
+ if (strlen(getenv("CUPS_SERVER")) > 1023)
+ local_server_str[1023] = '\0';
} else {
#ifdef CUPS_DEFAULT_DOMAINSOCKET
if (DomainSocket == NULL)
- DomainSocket = CUPS_DEFAULT_DOMAINSOCKET;
+ DomainSocket = strdup(CUPS_DEFAULT_DOMAINSOCKET);
#endif
if (DomainSocket != NULL) {
struct stat sockinfo; /* Domain socket information */
@@ -8293,6 +8334,11 @@ fail:
if (debug_logfile == 1)
stop_debug_logging();
+ if (DefaultOptions != NULL)
+ free(DefaultOptions);
+ if (DomainSocket != NULL)
+ free(DomainSocket);
+
return ret;
help:
diff --git a/utils/driverless.c b/utils/driverless.c
index 7fc6dae..fe61e58 100644
--- a/utils/driverless.c
+++ b/utils/driverless.c
@@ -227,12 +227,16 @@ list_printers (int mode)
if (txt_usb_mfg[0] != '\0') {
strncpy(make, txt_usb_mfg, sizeof(make));
+ if (strlen(txt_usb_mfg) > 511)
+ make[511] = '\0';
ptr = device_id + strlen(device_id);
snprintf(ptr, sizeof(device_id) - (size_t)(ptr - device_id),
"MFG:%s;", txt_usb_mfg);
}
if (txt_usb_mdl[0] != '\0') {
strncpy(model, txt_usb_mdl, sizeof(model));
+ if (strlen(txt_usb_mdl) > 255)
+ model[255] = '\0';
ptr = device_id + strlen(device_id);
snprintf(ptr, sizeof(device_id) - (size_t)(ptr - device_id),
"MDL:%s;", txt_usb_mdl);
@@ -243,15 +247,22 @@ list_printers (int mode)
*ptr == ')')
*ptr = '\0';
strncpy(model, txt_product + 1, sizeof(model));
+ if ((strlen(txt_product) + 1) > 255)
+ model[255] = '\0';
} else
strncpy(model, txt_product, sizeof(model));
} else if (txt_ty[0] != '\0') {
strncpy(model, txt_ty, sizeof(model));
+ if (strlen(txt_ty) > 255)
+ model[255] = '\0';
if ((ptr = strchr(model, ',')) != NULL)
*ptr = '\0';
}
- if (txt_pdl[0] != '\0')
+ if (txt_pdl[0] != '\0') {
strncpy(pdl, txt_pdl, sizeof(pdl));
+ if (strlen(txt_pdl) > 255)
+ pdl[255] = '\0';
+ }
if (!device_id[0] && strcasecmp(model, "Unknown")) {
if (make[0])