Re: ports/129001: [vuxml] [patch] print/cups-base: fix NULL-pointer dereference

Fri, 21 Nov 2008 23:19:48 -0800 

Dirk, good day.

Fri, Nov 21, 2008 at 07:46:12PM +0100, [EMAIL PROTECTED] wrote:
> Synopsis: [vuxml] [patch] print/cups-base: fix NULL-pointer dereference
> 
> State-Changed-From-To: open->feedback
> State-Changed-By: dinoex
> State-Changed-When: Fri Nov 21 19:45:23 CET 2008
> State-Changed-Why: 
> 
> The patch do not apply.
[...]
> (Creating file ./files/patch-fix-subscriptions-null-dereference...)
> Patching file ./files/patch-fix-subscriptions-null-dereference using Plan A...
> patch: **** malformed patch at line 24: 
> =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=

Yeah, I think that you run into issue with query-pr.cgi and line
continuations quoted-printable encoding.  I have www/127898, but it
seems to be incomplete in respect to the attachments.  Will try to
extend the patch and post followup to the mentioned PR.

The patch for CUPS is attached, hope it will be delivered in the
unbroken form now.

Sorry for confusion.
-- 
Eygene
 _                ___       _.--.   #
 \`.|\..----...-'`   `-._.-'_.-'`   #  Remember that it is hard
 /  ' `         ,       __.--'      #  to read the on-line manual   
 )/' _/     \   `-_,   /            #  while single-stepping the kernel.
 `-'" `"\_  ,_.-;_.-\_ ',  fsc/as   #
     _.-'_./   {_.'   ; /           #    -- FreeBSD Developers handbook 
    {_.-``-'         {_/            #

diff -urN ./Makefile ../cups-base/Makefile
--- ./Makefile	2008-11-20 02:48:10.000000000 +0300
+++ ../cups-base/Makefile	2008-11-20 03:07:03.000000000 +0300
@@ -7,6 +7,7 @@
 
 PORTNAME=	cups
 PORTVERSION=	1.3.9
+PORTREVISION=	1
 DISTVERSIONSUFFIX=	-source
 CATEGORIES=	print
 MASTER_SITES=	EASYSW/${PORTNAME}/${DISTVERSION}
diff -urN ./files/patch-fix-subscriptions-null-dereference ../cups-base/files/patch-fix-subscriptions-null-dereference
--- ./files/patch-fix-subscriptions-null-dereference	1970-01-01 03:00:00.000000000 +0300
+++ ../cups-base/files/patch-fix-subscriptions-null-dereference	2008-11-20 11:33:59.000000000 +0300
@@ -0,0 +1,179 @@
+Obtained from: Michael Sweet, via oss-security list,
+  http://www.openwall.com/lists/oss-security/2008/11/20/2
+
+Index: test/run-stp-tests.sh
+===================================================================
+--- test/run-stp-tests.sh	(revision 8145)
++++ test/run-stp-tests.sh	(revision 8146)
+@@ -307,6 +307,7 @@
+ DocumentRoot $root/doc
+ RequestRoot /tmp/cups-$user/spool
+ TempDir /tmp/cups-$user/spool/temp
++MaxSubscriptions 3
+ MaxLogSize 0
+ AccessLog /tmp/cups-$user/log/access_log
+ ErrorLog /tmp/cups-$user/log/error_log
+Index: test/4.4-subscription-ops.test
+===================================================================
+--- test/4.4-subscription-ops.test	(revision 8145)
++++ test/4.4-subscription-ops.test	(revision 8146)
+@@ -116,7 +116,33 @@
+ 	EXPECT notify-events
+ 	DISPLAY notify-events
+ }
++{
++	# The name of the test...
++	NAME "Check MaxSubscriptions limits"
+ 
++	# The operation to use
++	OPERATION Create-Printer-Subscription
++	RESOURCE /
++
++	# The attributes to send
++	GROUP operation
++	ATTR charset attributes-charset utf-8
++	ATTR language attributes-natural-language en
++	ATTR uri printer-uri $method://$hostname:$port/printers/Test1
++
++        GROUP subscription
++	ATTR uri notify-recipient-uri testnotify://
++	ATTR keyword notify-events printer-state-changed
++	ATTR integer notify-lease-duration 5
++
++	# What statuses are OK?
++	STATUS client-error-too-many-subscriptions
++
++	# What attributes do we expect?
++	EXPECT attributes-charset
++	EXPECT attributes-natural-language
++}
++
+ #
+ # End of "$Id$"
+ #
+Index: scheduler/subscriptions.c
+===================================================================
+--- scheduler/subscriptions.c	(revision 8145)
++++ scheduler/subscriptions.c	(revision 8146)
+@@ -341,9 +341,55 @@
+   * Limit the number of subscriptions...
+   */
+ 
+-  if (cupsArrayCount(Subscriptions) >= MaxSubscriptions)
++  if (MaxSubscriptions > 0 && cupsArrayCount(Subscriptions) >= MaxSubscriptions)
++  {
++    cupsdLogMessage(CUPSD_LOG_DEBUG,
++                    "cupsdAddSubscription: Reached MaxSubscriptions %d",
++		    MaxSubscriptions);
+     return (NULL);
++  }
+ 
++  if (MaxSubscriptionsPerJob > 0 && job)
++  {
++    int	count;				/* Number of job subscriptions */
++
++    for (temp = (cupsd_subscription_t *)cupsArrayFirst(Subscriptions),
++             count = 0;
++         temp;
++	 temp = (cupsd_subscription_t *)cupsArrayNext(Subscriptions))
++      if (temp->job == job)
++        count ++;
++
++    if (count >= MaxSubscriptionsPerJob)
++    {
++      cupsdLogMessage(CUPSD_LOG_DEBUG,
++		      "cupsdAddSubscription: Reached MaxSubscriptionsPerJob %d "
++		      "for job #%d", MaxSubscriptionsPerJob, job->id);
++      return (NULL);
++    }
++  }
++
++  if (MaxSubscriptionsPerPrinter > 0 && dest)
++  {
++    int	count;				/* Number of printer subscriptions */
++
++    for (temp = (cupsd_subscription_t *)cupsArrayFirst(Subscriptions),
++             count = 0;
++         temp;
++	 temp = (cupsd_subscription_t *)cupsArrayNext(Subscriptions))
++      if (temp->dest == dest)
++        count ++;
++
++    if (count >= MaxSubscriptionsPerPrinter)
++    {
++      cupsdLogMessage(CUPSD_LOG_DEBUG,
++		      "cupsdAddSubscription: Reached "
++		      "MaxSubscriptionsPerPrinter %d for %s",
++		      MaxSubscriptionsPerPrinter, dest->name);
++      return (NULL);
++    }
++  }
++
+  /*
+   * Allocate memory for this subscription...
+   */
+@@ -758,7 +804,6 @@
+       cupsdLogMessage(CUPSD_LOG_ERROR,
+                       "Syntax error on line %d of subscriptions.conf.",
+ 	              linenum);
+-      break;
+     }
+     else if (!strcasecmp(line, "Events"))
+     {
+Index: scheduler/ipp.c
+===================================================================
+--- scheduler/ipp.c	(revision 8145)
++++ scheduler/ipp.c	(revision 8146)
+@@ -2119,24 +2119,25 @@
+     if (mask == CUPSD_EVENT_NONE)
+       mask = CUPSD_EVENT_JOB_COMPLETED;
+ 
+-    sub = cupsdAddSubscription(mask, cupsdFindDest(job->dest), job, recipient,
+-                               0);
++    if ((sub = cupsdAddSubscription(mask, cupsdFindDest(job->dest), job,
++                                    recipient, 0)) != NULL)
++    {
++      sub->interval = interval;
+ 
+-    sub->interval = interval;
++      cupsdSetString(&sub->owner, job->username);
+ 
+-    cupsdSetString(&sub->owner, job->username);
++      if (user_data)
++      {
++	sub->user_data_len = user_data->values[0].unknown.length;
++	memcpy(sub->user_data, user_data->values[0].unknown.data,
++	       sub->user_data_len);
++      }
+ 
+-    if (user_data)
+-    {
+-      sub->user_data_len = user_data->values[0].unknown.length;
+-      memcpy(sub->user_data, user_data->values[0].unknown.data,
+-             sub->user_data_len);
++      ippAddSeparator(con->response);
++      ippAddInteger(con->response, IPP_TAG_SUBSCRIPTION, IPP_TAG_INTEGER,
++		    "notify-subscription-id", sub->id);
+     }
+ 
+-    ippAddSeparator(con->response);
+-    ippAddInteger(con->response, IPP_TAG_SUBSCRIPTION, IPP_TAG_INTEGER,
+-                  "notify-subscription-id", sub->id);
+-
+     if (attr)
+       attr = attr->next;
+   }
+@@ -5590,7 +5591,12 @@
+     else
+       job = NULL;
+ 
+-    sub = cupsdAddSubscription(mask, printer, job, recipient, 0);
++    if ((sub = cupsdAddSubscription(mask, printer, job, recipient, 0)) == NULL)
++    {
++      send_ipp_status(con, IPP_TOO_MANY_SUBSCRIPTIONS,
++		      _("There are too many subscriptions."));
++      return;
++    }
+ 
+     if (job)
+       cupsdLogMessage(CUPSD_LOG_DEBUG, "Added subscription %d for job %d",

Attachment: pgpqCWgrSH42u.pgp
Description: PGP signature

Reply via email to