Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12-SP1:Update
cups
cups-1.7.5-CVE-2020-10001.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File cups-1.7.5-CVE-2020-10001.patch of Package cups
--- cups/ipp.c.orig 2021-01-11 11:27:47.702893694 +0100 +++ cups/ipp.c 2021-01-11 12:21:04.539507157 +0100 @@ -2990,7 +2990,8 @@ ippReadIO(void *src, /* I - Data unsigned char *buffer, /* Data buffer */ string[IPP_MAX_TEXT], /* Small string buffer */ - *bufptr; /* Pointer into buffer */ + *bufptr, /* Pointer into buffer */ + *bufend; /* End of buffer */ ipp_attribute_t *attr; /* Current attribute */ ipp_tag_t tag; /* Current tag */ ipp_tag_t value_tag; /* Current value tag */ @@ -3554,6 +3555,7 @@ ippReadIO(void *src, /* I - Data } bufptr = buffer; + bufend = buffer + n; /* * text-with-language and name-with-language are composite @@ -3567,8 +3569,7 @@ ippReadIO(void *src, /* I - Data n = (bufptr[0] << 8) | bufptr[1]; - if ((bufptr + 2 + n) >= (buffer + IPP_BUF_SIZE) || - n >= sizeof(string)) + if ((bufptr + 2 + n + 2) > bufend || n >= (int)sizeof(string)) { _cupsSetError(IPP_STATUS_ERROR_INTERNAL, _("IPP language length overflows value."), 1); @@ -3595,7 +3596,7 @@ ippReadIO(void *src, /* I - Data bufptr += 2 + n; n = (bufptr[0] << 8) | bufptr[1]; - if ((bufptr + 2 + n) >= (buffer + IPP_BUF_SIZE)) + if ((bufptr + 2 + n) > bufend) { _cupsSetError(IPP_STATUS_ERROR_INTERNAL, _("IPP string length overflows value."), 1);
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor
