[Printing-architecture] [patch] cups-1.7.0: job history fix

Michael Sweet msweet at apple.com
Mon Oct 28 15:30:12 UTC 2013


Tim,

Thanks, I filed this as:

    <rdar://problem/15331639> cups.org: Regression in auto-debug logging

That said, your proposed fix actually isn't safe either - the Fortify strcpy stuff in glibc effectively converts the strcpy to a strlcpy, so the code will break if you happen to compile using the -D_FORTIFY_SOURCE=2 compiler option.

I will follow up with a memcpy-based fix.

Thanks for reporting this!

(and we are 1 electronic signature away from getting cups.org's bug tracker back online...)


On Oct 25, 2013, at 11:36 AM, Tim Waugh <twaugh at redhat.com> wrote:

> Hi,
> 
> While playing around with a logging enhancement¹ I discovered a bug in
> the job history code. It was introduced some time after the public
> source repository was taken off-line, so I don't know what the
> motivation for the change was.
> 
> A cups_joblog_t declares 'char message[1]' for the message, and is
> allocated with enough storage for the intended message. However, the
> message is copied in with strlcpy, with a limit of
> sizeof(cups_joblog_t->message). As a result, the message is severely(!)
> truncated.
> 
> The fix is to undo the change as attached.
> 
> Tim.
> */
> 
> ¹ http://cyberelk.net/tim/2013/10/25/cups-adding-support-for-system-journal/
> <cups-jobhistory.patch>

_________________________________________________________
Michael Sweet, Senior Printing System Engineer, PWG Chair
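
Added example (not part of either message, and not CUPS source): a minimal C reproduction of the truncation Tim describes, next to a memcpy-based copy of the kind Michael says he will follow up with. The struct layout, function names and sample message are assumptions made for illustration, and bounded_copy is a local stand-in with strlcpy semantics.

```c
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical record: one-byte trailing array, over-allocated per message. */
typedef struct {
    long when;        /* hypothetical field */
    char message[1];  /* declared size is 1; real storage comes from calloc */
} joblog_t;

/* Local stand-in with strlcpy semantics (strlcpy is not in every libc). */
static size_t bounded_copy(char *dst, const char *src, size_t size) {
    size_t len = strlen(src);
    if (size > 0) {
        size_t n = len < size - 1 ? len : size - 1;
        memcpy(dst, src, n);
        dst[n] = '\0';
    }
    return len;
}

/* Start of the message storage, computed from the allocation base. */
char *joblog_text(joblog_t *log) { return (char *)log + offsetof(joblog_t, message); }

/* The regression: the bound is the declared size (1), so only the NUL fits. */
joblog_t *joblog_new_truncating(const char *msg) {
    joblog_t *log = calloc(1, sizeof(joblog_t) + strlen(msg));
    if (log) bounded_copy(joblog_text(log), msg, sizeof(log->message));
    return log;
}

/* memcpy-based copy: the length comes from what was allocated. */
joblog_t *joblog_new_memcpy(const char *msg) {
    size_t len = strlen(msg);
    joblog_t *log = calloc(1, sizeof(joblog_t) + len);
    if (log) memcpy(joblog_text(log), msg, len + 1);  /* +1 copies the NUL */
    return log;
}

int main(void) {
    const char *msg = "Printing page 1, 4% complete";  /* constructed sample */
    joblog_t *a = joblog_new_truncating(msg), *b = joblog_new_memcpy(msg);
    if (!a || !b) return 1;
    printf("sizeof bound: \"%s\"\n", joblog_text(a));
    printf("memcpy:       \"%s\"\n", joblog_text(b));
    free(a); free(b);
    return 0;
}
```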


