[Pkg-cups-devel] Bug#550150: CVE-2009-2807 is darwin-specific

Vincent Danen vdanen at redhat.com
Wed Oct 7 22:25:55 UTC 2009


I noticed this bug and thought I'd share the patch that corrects this
issue, although this is Darwin-specific.  The patch affects usb-darwin.c
which, as can be seen below, is only included if the OS is Darwin, so this
is not something you need to worry about.

#ifdef HAVE_USB_H
#  include "usb-libusb.c"
#elif defined(__APPLE__)
#  include "usb-darwin.c"
#elif defined(__linux) || defined(__sun) || defined(__FreeBSD__) || defined(__NetBSD__) || defined(__OpenBSD__) || defined(__DragonFly__) || defined(__FreeBSD_kernel__)
#  include "usb-unix.c"
#else
...

-- 
Vincent Danen / Red Hat Security Response Team 
-------------- next part --------------
$ svn diff http://svn.easysw.com/public/cups/trunk/@8732 http://svn.easysw.com/public/cups/trunk/@8733
Index: backend/usb-darwin.c
===================================================================
--- backend/usb-darwin.c        (revision 8732)
+++ backend/usb-darwin.c        (revision 8733)
@@ -1165,7 +1165,7 @@
        snprintf(optionsstr, sizeof(optionsstr), "?location=%x", (unsigned)deviceLocation);

       httpAssembleURI(HTTP_URI_CODING_ALL, uristr, sizeof(uristr), "usb", NULL, makestr, 0, modelstr);
-      strncat(uristr, optionsstr, sizeof(uristr));
+      strlcat(uristr, optionsstr, sizeof(uristr));

       cupsBackendReport("direct", uristr, make_modelstr, make_modelstr, idstr,
                         NULL);
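Review bot: The return value of strlcat() on the changed line is not checked, so when the URI written by httpAssembleURI() plus optionsstr does not fit in sizeof(uristr), the "?location=%x" suffix is silently truncated and cupsBackendReport() is handed a URI with a partial or missing location. The switch itself is right: the third argument of strncat() limits the bytes appended from the source, not the total size of the destination, so passing sizeof(uristr) there allowed writes past the end of uristr. Suggest testing the result, for example "if (strlcat(uristr, optionsstr, sizeof(uristr)) >= sizeof(uristr))", and skipping or logging the device when it is true.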

