|
Tim Waugh |
b91dc0 |
diff -up foomatic-filters-4.0.7/foomaticrip.c.CVE-2011-2697 foomatic-filters-4.0.7/foomaticrip.c
|
|
Tim Waugh |
b91dc0 |
--- foomatic-filters-4.0.7/foomaticrip.c.CVE-2011-2697 2011-07-20 10:41:15.825401233 +0100
|
|
Tim Waugh |
b91dc0 |
+++ foomatic-filters-4.0.7/foomaticrip.c 2011-07-20 10:42:22.784101806 +0100
|
|
Tim Waugh |
b91dc0 |
@@ -1239,8 +1239,11 @@ int main(int argc, char** argv)
|
|
Tim Waugh |
b91dc0 |
}
|
|
Tim Waugh |
b91dc0 |
|
|
Tim Waugh |
b91dc0 |
/* Check for LPRng first so we do not pick up bogus ppd files by the -ppd option */
|
|
Tim Waugh |
b91dc0 |
- if (arglist_remove_flag(arglist, "--lprng"))
|
|
Tim Waugh |
b91dc0 |
- spooler = SPOOLER_LPRNG;
|
|
Tim Waugh |
b91dc0 |
+ if (spooler != SPOOLER_CUPS && spooler != SPOOLER_PPR &&
|
|
Tim Waugh |
b91dc0 |
+ spooler != SPOOLER_PPR_INT) {
|
|
Tim Waugh |
b91dc0 |
+ if (arglist_remove_flag(arglist, "--lprng"))
|
|
Tim Waugh |
b91dc0 |
+ spooler = SPOOLER_LPRNG;
|
|
Tim Waugh |
b91dc0 |
+ }
|
|
Tim Waugh |
b91dc0 |
|
|
Tim Waugh |
b91dc0 |
/* 'PRINTCAP_ENTRY' environment variable is : LPRng
|
|
Tim Waugh |
b91dc0 |
the :ppd=/path/to/ppdfile printcap entry should be used */
|
|
Tim Waugh |
b91dc0 |
@@ -1262,96 +1265,104 @@ int main(int argc, char** argv)
|
|
Tim Waugh |
b91dc0 |
}
|
|
Tim Waugh |
b91dc0 |
}
|
|
Tim Waugh |
b91dc0 |
|
|
Tim Waugh |
b91dc0 |
- /* PPD file name given via the command line
|
|
Tim Waugh |
b91dc0 |
- allow duplicates, and use the last specified one */
|
|
Tim Waugh |
b91dc0 |
- if (spooler != SPOOLER_LPRNG) {
|
|
Tim Waugh |
b91dc0 |
- while ((str = arglist_get_value(arglist, "-p"))) {
|
|
Tim Waugh |
b91dc0 |
- strncpy(job->ppdfile, str, 256);
|
|
Tim Waugh |
b91dc0 |
- arglist_remove(arglist, "-p");
|
|
Tim Waugh |
b91dc0 |
- }
|
|
Tim Waugh |
b91dc0 |
- }
|
|
Tim Waugh |
b91dc0 |
- while ((str = arglist_get_value(arglist, "--ppd"))) {
|
|
Tim Waugh |
b91dc0 |
- strncpy(job->ppdfile, str, 256);
|
|
Tim Waugh |
b91dc0 |
- arglist_remove(arglist, "--ppd");
|
|
Tim Waugh |
b91dc0 |
- }
|
|
Tim Waugh |
b91dc0 |
-
|
|
Tim Waugh |
b91dc0 |
- /* Check for LPD/GNUlpr by typical options which the spooler puts onto
|
|
Tim Waugh |
b91dc0 |
- the filter's command line (options "-w": text width, "-l": text
|
|
Tim Waugh |
b91dc0 |
- length, "-i": indent, "-x", "-y": graphics size, "-c": raw printing,
|
|
Tim Waugh |
b91dc0 |
- "-n": user name, "-h": host name) */
|
|
Tim Waugh |
b91dc0 |
- if ((str = arglist_get_value(arglist, "-h"))) {
|
|
Tim Waugh |
b91dc0 |
- if (spooler != SPOOLER_GNULPR && spooler != SPOOLER_LPRNG)
|
|
Tim Waugh |
b91dc0 |
- spooler = SPOOLER_LPD;
|
|
Tim Waugh |
b91dc0 |
- strncpy(job->host, str, 127);
|
|
Tim Waugh |
b91dc0 |
- job->host[127] = '\0';
|
|
Tim Waugh |
b91dc0 |
- arglist_remove(arglist, "-h");
|
|
Tim Waugh |
b91dc0 |
- }
|
|
Tim Waugh |
b91dc0 |
- if ((str = arglist_get_value(arglist, "-n"))) {
|
|
Tim Waugh |
b91dc0 |
- if (spooler != SPOOLER_GNULPR && spooler != SPOOLER_LPRNG)
|
|
Tim Waugh |
b91dc0 |
- spooler = SPOOLER_LPD;
|
|
Tim Waugh |
b91dc0 |
-
|
|
Tim Waugh |
b91dc0 |
- strncpy(job->user, str, 127);
|
|
Tim Waugh |
b91dc0 |
- job->user[127] = '\0';
|
|
Tim Waugh |
b91dc0 |
- arglist_remove(arglist, "-n");
|
|
Tim Waugh |
b91dc0 |
- }
|
|
Tim Waugh |
b91dc0 |
- if (arglist_remove(arglist, "-w") ||
|
|
Tim Waugh |
b91dc0 |
- arglist_remove(arglist, "-l") ||
|
|
Tim Waugh |
b91dc0 |
- arglist_remove(arglist, "-x") ||
|
|
Tim Waugh |
b91dc0 |
- arglist_remove(arglist, "-y") ||
|
|
Tim Waugh |
b91dc0 |
- arglist_remove(arglist, "-i") ||
|
|
Tim Waugh |
b91dc0 |
- arglist_remove_flag(arglist, "-c")) {
|
|
Tim Waugh |
b91dc0 |
+ /* CUPS calls foomatic-rip only with 5 or 6 positional parameters,
|
|
Tim Waugh |
b91dc0 |
+ not with named options, like for example "-p <string>". Also PPR
|
|
Tim Waugh |
b91dc0 |
+ does not used named options. */
|
|
Tim Waugh |
b91dc0 |
+ if (spooler != SPOOLER_CUPS && spooler != SPOOLER_PPR &&
|
|
Tim Waugh |
b91dc0 |
+ spooler != SPOOLER_PPR_INT) {
|
|
Tim Waugh |
b91dc0 |
+ /* Check for LPD/GNUlpr by typical options which the spooler puts onto
|
|
Tim Waugh |
b91dc0 |
+ the filter's command line (options "-w": text width, "-l": text
|
|
Tim Waugh |
b91dc0 |
+ length, "-i": indent, "-x", "-y": graphics size, "-c": raw printing,
|
|
Tim Waugh |
b91dc0 |
+ "-n": user name, "-h": host name) */
|
|
Tim Waugh |
b91dc0 |
+ if ((str = arglist_get_value(arglist, "-h"))) {
|
|
Tim Waugh |
b91dc0 |
+ if (spooler != SPOOLER_GNULPR && spooler != SPOOLER_LPRNG)
|
|
Tim Waugh |
b91dc0 |
+ spooler = SPOOLER_LPD;
|
|
Tim Waugh |
b91dc0 |
+ strncpy(job->host, str, 127);
|
|
Tim Waugh |
b91dc0 |
+ job->host[127] = '\0';
|
|
Tim Waugh |
b91dc0 |
+ arglist_remove(arglist, "-h");
|
|
Tim Waugh |
b91dc0 |
+ }
|
|
Tim Waugh |
b91dc0 |
+ if ((str = arglist_get_value(arglist, "-n"))) {
|
|
Tim Waugh |
b91dc0 |
if (spooler != SPOOLER_GNULPR && spooler != SPOOLER_LPRNG)
|
|
Tim Waugh |
b91dc0 |
spooler = SPOOLER_LPD;
|
|
Tim Waugh |
b91dc0 |
- }
|
|
Tim Waugh |
b91dc0 |
- /* LPRng delivers the option settings via the "-Z" argument */
|
|
Tim Waugh |
b91dc0 |
- if ((str = arglist_get_value(arglist, "-Z"))) {
|
|
Tim Waugh |
b91dc0 |
- spooler = SPOOLER_LPRNG;
|
|
Tim Waugh |
b91dc0 |
- dstrcatf(job->optstr, "%s ", str);
|
|
Tim Waugh |
b91dc0 |
- arglist_remove(arglist, "-Z");
|
|
Tim Waugh |
b91dc0 |
- }
|
|
Tim Waugh |
b91dc0 |
- /* Job title and options for stock LPD */
|
|
Tim Waugh |
b91dc0 |
- if ((str = arglist_get_value(arglist, "-j")) || (str = arglist_get_value(arglist, "-J"))) {
|
|
Tim Waugh |
b91dc0 |
- strncpy_omit(job->title, str, 128, omit_shellescapes);
|
|
Tim Waugh |
b91dc0 |
- if (spooler == SPOOLER_LPD)
|
|
Tim Waugh |
b91dc0 |
- dstrcatf(job->optstr, "%s ", job->title);
|
|
Tim Waugh |
b91dc0 |
- if (!arglist_remove(arglist, "-j"))
|
|
Tim Waugh |
b91dc0 |
- arglist_remove(arglist, "-J");
|
|
Tim Waugh |
b91dc0 |
- }
|
|
Tim Waugh |
b91dc0 |
- /* Check for CPS */
|
|
Tim Waugh |
b91dc0 |
- if (arglist_remove_flag(arglist, "--cps") > 0)
|
|
Tim Waugh |
b91dc0 |
- spooler = SPOOLER_CPS;
|
|
Tim Waugh |
b91dc0 |
-
|
|
Tim Waugh |
b91dc0 |
- /* Options for spooler-less printing, CPS, or PDQ */
|
|
Tim Waugh |
b91dc0 |
- while ((str = arglist_get_value(arglist, "-o"))) {
|
|
Tim Waugh |
b91dc0 |
- strncpy_omit(tmp, str, 1024, omit_shellescapes);
|
|
Tim Waugh |
b91dc0 |
- dstrcatf(job->optstr, "%s ", tmp);
|
|
Tim Waugh |
b91dc0 |
- arglist_remove(arglist, "-o");
|
|
Tim Waugh |
b91dc0 |
- /* If we don't print as PPR RIP or as CPS filter, we print
|
|
Tim Waugh |
b91dc0 |
- without spooler (we check for PDQ later) */
|
|
Tim Waugh |
b91dc0 |
- if (spooler != SPOOLER_PPR && spooler != SPOOLER_CPS)
|
|
Tim Waugh |
b91dc0 |
- spooler = SPOOLER_DIRECT;
|
|
Tim Waugh |
b91dc0 |
- }
|
|
Tim Waugh |
b91dc0 |
-
|
|
Tim Waugh |
b91dc0 |
- /* Printer for spooler-less printing or PDQ */
|
|
Tim Waugh |
b91dc0 |
- if ((str = arglist_get_value(arglist, "-d"))) {
|
|
Tim Waugh |
b91dc0 |
- strncpy_omit(job->printer, str, 256, omit_shellescapes);
|
|
Tim Waugh |
b91dc0 |
- arglist_remove(arglist, "-d");
|
|
Tim Waugh |
b91dc0 |
- }
|
|
Tim Waugh |
b91dc0 |
-
|
|
Tim Waugh |
b91dc0 |
- /* Printer for spooler-less printing, PDQ, or LPRng */
|
|
Tim Waugh |
b91dc0 |
- if ((str = arglist_get_value(arglist, "-P"))) {
|
|
Tim Waugh |
b91dc0 |
- strncpy_omit(job->printer, str, 256, omit_shellescapes);
|
|
Tim Waugh |
b91dc0 |
- arglist_remove(arglist, "-P");
|
|
Tim Waugh |
b91dc0 |
- }
|
|
Tim Waugh |
b91dc0 |
-
|
|
Tim Waugh |
b91dc0 |
- /* Were we called from a PDQ wrapper? */
|
|
Tim Waugh |
b91dc0 |
- if (arglist_remove_flag(arglist, "--pdq"))
|
|
Tim Waugh |
b91dc0 |
- spooler = SPOOLER_PDQ;
|
|
Tim Waugh |
b91dc0 |
|
|
Tim Waugh |
b91dc0 |
- /* Were we called to build the PDQ driver declaration file? */
|
|
Tim Waugh |
b91dc0 |
- genpdqfile = check_pdq_file(arglist);
|
|
Tim Waugh |
b91dc0 |
- if (genpdqfile)
|
|
Tim Waugh |
b91dc0 |
- spooler = SPOOLER_PDQ;
|
|
Tim Waugh |
b91dc0 |
+ strncpy(job->user, str, 127);
|
|
Tim Waugh |
b91dc0 |
+ job->user[127] = '\0';
|
|
Tim Waugh |
b91dc0 |
+ arglist_remove(arglist, "-n");
|
|
Tim Waugh |
b91dc0 |
+ }
|
|
Tim Waugh |
b91dc0 |
+ if (arglist_remove(arglist, "-w") ||
|
|
Tim Waugh |
b91dc0 |
+ arglist_remove(arglist, "-l") ||
|
|
Tim Waugh |
b91dc0 |
+ arglist_remove(arglist, "-x") ||
|
|
Tim Waugh |
b91dc0 |
+ arglist_remove(arglist, "-y") ||
|
|
Tim Waugh |
b91dc0 |
+ arglist_remove(arglist, "-i") ||
|
|
Tim Waugh |
b91dc0 |
+ arglist_remove_flag(arglist, "-c")) {
|
|
Tim Waugh |
b91dc0 |
+ if (spooler != SPOOLER_GNULPR && spooler != SPOOLER_LPRNG)
|
|
Tim Waugh |
b91dc0 |
+ spooler = SPOOLER_LPD;
|
|
Tim Waugh |
b91dc0 |
+ }
|
|
Tim Waugh |
b91dc0 |
+ /* LPRng delivers the option settings via the "-Z" argument */
|
|
Tim Waugh |
b91dc0 |
+ if ((str = arglist_get_value(arglist, "-Z"))) {
|
|
Tim Waugh |
b91dc0 |
+ spooler = SPOOLER_LPRNG;
|
|
Tim Waugh |
b91dc0 |
+ dstrcatf(job->optstr, "%s ", str);
|
|
Tim Waugh |
b91dc0 |
+ arglist_remove(arglist, "-Z");
|
|
Tim Waugh |
b91dc0 |
+ }
|
|
Tim Waugh |
b91dc0 |
+ /* Job title and options for stock LPD */
|
|
Tim Waugh |
b91dc0 |
+ if ((str = arglist_get_value(arglist, "-j")) || (str = arglist_get_value(arglist, "-J"))) {
|
|
Tim Waugh |
b91dc0 |
+ strncpy_omit(job->title, str, 128, omit_shellescapes);
|
|
Tim Waugh |
b91dc0 |
+ if (spooler == SPOOLER_LPD)
|
|
Tim Waugh |
b91dc0 |
+ dstrcatf(job->optstr, "%s ", job->title);
|
|
Tim Waugh |
b91dc0 |
+ if (!arglist_remove(arglist, "-j"))
|
|
Tim Waugh |
b91dc0 |
+ arglist_remove(arglist, "-J");
|
|
Tim Waugh |
b91dc0 |
+ }
|
|
Tim Waugh |
b91dc0 |
+
|
|
Tim Waugh |
b91dc0 |
+ /* Check for CPS */
|
|
Tim Waugh |
b91dc0 |
+ if (arglist_remove_flag(arglist, "--cps") > 0)
|
|
Tim Waugh |
b91dc0 |
+ spooler = SPOOLER_CPS;
|
|
Tim Waugh |
b91dc0 |
+
|
|
Tim Waugh |
b91dc0 |
+ /* PPD file name given via the command line
|
|
Tim Waugh |
b91dc0 |
+ allow duplicates, and use the last specified one */
|
|
Tim Waugh |
b91dc0 |
+ if (spooler != SPOOLER_GNULPR && spooler != SPOOLER_LPRNG &&
|
|
Tim Waugh |
b91dc0 |
+ spooler != SPOOLER_LPD) {
|
|
Tim Waugh |
b91dc0 |
+ while ((str = arglist_get_value(arglist, "-p"))) {
|
|
Tim Waugh |
b91dc0 |
+ strncpy(job->ppdfile, str, 256);
|
|
Tim Waugh |
b91dc0 |
+ arglist_remove(arglist, "-p");
|
|
Tim Waugh |
b91dc0 |
+ }
|
|
Tim Waugh |
b91dc0 |
+ while ((str = arglist_get_value(arglist, "--ppd"))) {
|
|
Tim Waugh |
b91dc0 |
+ strncpy(job->ppdfile, str, 256);
|
|
Tim Waugh |
b91dc0 |
+ arglist_remove(arglist, "--ppd");
|
|
Tim Waugh |
b91dc0 |
+ }
|
|
Tim Waugh |
b91dc0 |
+ }
|
|
Tim Waugh |
b91dc0 |
+
|
|
Tim Waugh |
b91dc0 |
+ /* Options for spooler-less printing, CPS, or PDQ */
|
|
Tim Waugh |
b91dc0 |
+ while ((str = arglist_get_value(arglist, "-o"))) {
|
|
Tim Waugh |
b91dc0 |
+ strncpy_omit(tmp, str, 1024, omit_shellescapes);
|
|
Tim Waugh |
b91dc0 |
+ dstrcatf(job->optstr, "%s ", tmp);
|
|
Tim Waugh |
b91dc0 |
+ arglist_remove(arglist, "-o");
|
|
Tim Waugh |
b91dc0 |
+ /* If we don't print as PPR RIP or as CPS filter, we print
|
|
Tim Waugh |
b91dc0 |
+ without spooler (we check for PDQ later) */
|
|
Tim Waugh |
b91dc0 |
+ if (spooler != SPOOLER_PPR && spooler != SPOOLER_CPS)
|
|
Tim Waugh |
b91dc0 |
+ spooler = SPOOLER_DIRECT;
|
|
Tim Waugh |
b91dc0 |
+ }
|
|
Tim Waugh |
b91dc0 |
+
|
|
Tim Waugh |
b91dc0 |
+ /* Printer for spooler-less printing or PDQ */
|
|
Tim Waugh |
b91dc0 |
+ if ((str = arglist_get_value(arglist, "-d"))) {
|
|
Tim Waugh |
b91dc0 |
+ strncpy_omit(job->printer, str, 256, omit_shellescapes);
|
|
Tim Waugh |
b91dc0 |
+ arglist_remove(arglist, "-d");
|
|
Tim Waugh |
b91dc0 |
+ }
|
|
Tim Waugh |
b91dc0 |
+
|
|
Tim Waugh |
b91dc0 |
+ /* Printer for spooler-less printing, PDQ, or LPRng */
|
|
Tim Waugh |
b91dc0 |
+ if ((str = arglist_get_value(arglist, "-P"))) {
|
|
Tim Waugh |
b91dc0 |
+ strncpy_omit(job->printer, str, 256, omit_shellescapes);
|
|
Tim Waugh |
b91dc0 |
+ arglist_remove(arglist, "-P");
|
|
Tim Waugh |
b91dc0 |
+ }
|
|
Tim Waugh |
b91dc0 |
+
|
|
Tim Waugh |
b91dc0 |
+ /* Were we called from a PDQ wrapper? */
|
|
Tim Waugh |
b91dc0 |
+ if (arglist_remove_flag(arglist, "--pdq"))
|
|
Tim Waugh |
b91dc0 |
+ spooler = SPOOLER_PDQ;
|
|
Tim Waugh |
b91dc0 |
+
|
|
Tim Waugh |
b91dc0 |
+ /* Were we called to build the PDQ driver declaration file? */
|
|
Tim Waugh |
b91dc0 |
+ genpdqfile = check_pdq_file(arglist);
|
|
Tim Waugh |
b91dc0 |
+ if (genpdqfile)
|
|
Tim Waugh |
b91dc0 |
+ spooler = SPOOLER_PDQ;
|
|
Tim Waugh |
b91dc0 |
+ }
|
|
Tim Waugh |
b91dc0 |
|
|
Tim Waugh |
b91dc0 |
/* spooler specific initialization */
|
|
Tim Waugh |
b91dc0 |
switch (spooler) {
|