[Printing-architecture] [patch] cups-1.7.0: job history fix

Michael Sweet msweet at apple.com
Mon Oct 28 15:35:13 UTC 2013


and here is the fix:

-------------- next part --------------
A non-text attachment was scrubbed...
Name: rdar15331639.patch
Type: application/octet-stream
Size: 677 bytes
Desc: not available
URL: <http://lists.linuxfoundation.org/pipermail/printing-architecture/attachments/20131028/ccdc3a9f/attachment.obj>
-------------- next part --------------

On Oct 28, 2013, at 11:30 AM, Michael Sweet <msweet at apple.com> wrote:

> Tim,
> 
> Thanks, I filed this as:
> 
>    <rdar://problem/15331639> cups.org: Regression in auto-debug logging
> 
> That said, your proposed fix actually isn't safe either - the Fortify strcpy stuff in glibc effectively converts the strcpy to a strlcpy, so the code will break if you happen to compile using the -D_FORTIFY_SOURCE=2 compiler option.
> 
> I will follow up with a memcpy-based fix.
> 
> Thanks for reporting this!
> 
> (and we are 1 electronic signature away from getting cups.org's bug tracker back online...)
> 
> 
> On Oct 25, 2013, at 11:36 AM, Tim Waugh <twaugh at redhat.com> wrote:
> 
>> Hi,
>> 
>> While playing around with a logging enhancement? I discovered a bug in
>> the job history code. It was introduced some time after the public
>> source repository was taken off-line, so I don't know what the
>> motivation for the change was.
>> 
>> A cups_joblog_t declares 'char message[1]' for the message, and is
>> allocated with enough storage for the intended message. However, the
>> message is copied in with strlcpy, with a limit of
>> sizeof(cups_joblog_t->message). As a result, the message is severely(!)
>> truncated.
>> 
>> The fix is to undo the change as attached.
>> 
>> Tim.
>> */
>> 
>> ? http://cyberelk.net/tim/2013/10/25/cups-adding-support-for-system-journal/
>> <cups-jobhistory.patch>_______________________________________________
>> Printing-architecture mailing list
>> Printing-architecture at lists.linux-foundation.org
>> https://lists.linuxfoundation.org/mailman/listinfo/printing-architecture
> 
> _________________________________________________________
> Michael Sweet, Senior Printing System Engineer, PWG Chair
> 
> _______________________________________________
> Printing-architecture mailing list
> Printing-architecture at lists.linux-foundation.org
> https://lists.linuxfoundation.org/mailman/listinfo/printing-architecture

_________________________________________________________
Michael Sweet, Senior Printing System Engineer, PWG Chair



More information about the Printing-architecture mailing list