Sophie

Sophie

distrib > Scientific%20Linux > 5x > x86_64 > by-pkgid > b2b31f8f12ce25fb0a2128354ea26724 > files > 5

cups-1.3.7-30.el5.src.rpm

diff -up cups-1.3.7/filter/textcommon.c.CVE-2008-3640 cups-1.3.7/filter/textcommon.c
--- cups-1.3.7/filter/textcommon.c.CVE-2008-3640	2007-07-11 22:46:42.000000000 +0100
+++ cups-1.3.7/filter/textcommon.c	2008-09-30 12:42:44.000000000 +0100
@@ -3,7 +3,7 @@
  *
  *   Common text filter routines for the Common UNIX Printing System (CUPS).
  *
- *   Copyright 2007 by Apple Inc.
+ *   Copyright 2007-2008 by Apple Inc.
  *   Copyright 1997-2007 by Easy Software Products.
  *
  *   These coded instructions, statements, and computer programs are the
@@ -605,14 +605,38 @@ TextMain(const char *name,	/* I - Name o
                 !strcasecmp(val, "yes");
 
   if ((val = cupsGetOption("columns", num_options, options)) != NULL)
+  {
     PageColumns = atoi(val);
 
+    if (PageColumns < 1)
+    {
+      _cupsLangPrintf(stderr, _("ERROR: Bad columns value %d!\n"), PageColumns);
+      return (1);
+    }
+  }
+
   if ((val = cupsGetOption("cpi", num_options, options)) != NULL)
+  {
     CharsPerInch = atof(val);
 
+    if (CharsPerInch <= 0.0)
+    {
+      _cupsLangPrintf(stderr, _("ERROR: Bad cpi value %f!\n"), CharsPerInch);
+      return (1);
+    }
+  }
+
   if ((val = cupsGetOption("lpi", num_options, options)) != NULL)
+  {
     LinesPerInch = atof(val);
 
+    if (LinesPerInch <= 0.0)
+    {
+      _cupsLangPrintf(stderr, _("ERROR: Bad lpi value %f!\n"), LinesPerInch);
+      return (1);
+    }
+  }
+
   if (PrettyPrint)
     PageTop -= 216.0f / LinesPerInch;
 
diff -up cups-1.3.7/filter/texttops.c.CVE-2008-3640 cups-1.3.7/filter/texttops.c
--- cups-1.3.7/filter/texttops.c.CVE-2008-3640	2007-07-11 22:46:42.000000000 +0100
+++ cups-1.3.7/filter/texttops.c	2008-09-30 12:42:44.000000000 +0100
@@ -173,6 +173,14 @@ WriteProlog(const char *title,		/* I - T
   SizeColumns = (PageRight - PageLeft) / 72.0 * CharsPerInch;
   SizeLines   = (PageTop - PageBottom) / 72.0 * LinesPerInch;
 
+  if (SizeColumns <= 0 || SizeColumns > 32767 ||
+      SizeLines <= 0 || SizeLines > 32767)
+  {
+    _cupsLangPrintf(stderr, _("ERROR: Unable to print %dx%d text page!\n"),
+                    SizeColumns, SizeLines);
+    exit(1);
+  }
+
   Page    = calloc(sizeof(lchar_t *), SizeLines);
   Page[0] = calloc(sizeof(lchar_t), SizeColumns * SizeLines);
   for (i = 1; i < SizeLines; i ++)
@@ -187,6 +195,13 @@ WriteProlog(const char *title,		/* I - T
   else
     ColumnWidth = SizeColumns;
 
+  if (ColumnWidth <= 0)
+  {
+    _cupsLangPrintf(stderr, _("ERROR: Unable to print %d text columns!\n"),
+                    PageColumns);
+    exit(1);
+  }
+
  /*
   * Output the DSC header...
   */

Perl :: Catalyst :: PostgreSQL :: RPM Valid HTML 4.01 Transitional