1 CAN-2004-0923 fix (taken from Debian)
2 --- cupsys-1.1.14.orig/scheduler/ipp.c
3 +++ cupsys-1.1.14/scheduler/ipp.c
7 LogMessage(L_INFO, "Setting %s device-uri to \"%s\" (was \"%s\".)",
8 - printer->name, attr->values[0].string.text, printer->device_uri);
10 + cupsdSanitizeURI(attr->values[0].string.text, line, sizeof(line)),
11 + cupsdSanitizeURI(printer->device_uri, resource, sizeof(resource)));
13 strncpy(printer->device_uri, attr->values[0].string.text,
14 sizeof(printer->device_uri) - 1);
15 --- cupsys-1.1.14.orig/scheduler/job.c
16 +++ cupsys-1.1.14/scheduler/job.c
18 classification[1024], /* CLASSIFICATION environment variable */
19 content_type[255],/* CONTENT_TYPE environment variable */
20 device_uri[1024],/* DEVICE_URI environment variable */
21 + sani_uri[1024], /* Sanitized DEVICE_URI env var */
22 ppd[1024], /* PPD environment variable */
23 printer_name[255],/* PRINTER environment variable */
24 root[1024], /* CUPS_SERVERROOT environment variable */
25 @@ -1470,13 +1471,13 @@
26 envp[16] = classification;
29 - LogMessage(L_DEBUG, "StartJob: envp = \"%s\",\"%s\",\"%s\",\"%s\","
30 - "\"%s\",\"%s\",\"%s\",\"%s\",\"%s\",\"%s\",\"%s\","
31 - "\"%s\",\"%s\",\"%s\",\"%s\",\"%s\",\"%s\"",
32 - envp[0], envp[1], envp[2], envp[3], envp[4],
33 - envp[5], envp[6], envp[7], envp[8], envp[9],
34 - envp[10], envp[11], envp[12], envp[13], envp[14],
35 - envp[15], envp[16]);
36 + for (i = 0; i < 17; i ++)
37 + if (strncmp(envp[i], "DEVICE_URI=", 11))
38 + LogMessage(L_DEBUG, "StartJob: envp[%d]=\"%s\"", i, envp[i]);
40 + LogMessage(L_DEBUG, "StartJob: envp[%d]=\"DEVICE_URI=%s\"", i,
41 + cupsdSanitizeURI(printer->device_uri, sani_uri,
44 current->current_file ++;
46 --- cupsys-1.1.14.orig/scheduler/printers.c
47 +++ cupsys-1.1.14/scheduler/printers.c
50 * StopPrinter() - Stop a printer from printing any jobs...
51 * ValidateDest() - Validate a printer/class destination.
52 + * cupsdSanitizeURI() - Sanitize a device URI...
53 * write_irix_config() - Update the config files used by the IRIX
55 * write_irix_state() - Update the status files used by IRIX printing
57 SetPrinterAttrs(printer_t *p) /* I - Printer to setup */
59 char uri[HTTP_MAX_URI]; /* URI for printer */
60 - char method[HTTP_MAX_URI], /* Method portion of URI */
61 - username[HTTP_MAX_URI], /* Username portion of URI */
62 - host[HTTP_MAX_URI], /* Host portion of URI */
63 - resource[HTTP_MAX_URI]; /* Resource portion of URI */
64 - int port; /* Port portion of URI */
65 + char resource[HTTP_MAX_URI]; /* Resource portion of URI */
66 int i; /* Looping var */
67 char filename[1024]; /* Name of PPD file */
68 int num_media; /* Number of media options */
69 @@ -1171,12 +1168,7 @@
70 * http://..., ipp://..., etc.
73 - httpSeparate(p->device_uri, method, username, host, &port, resource);
75 - snprintf(uri, sizeof(uri), "%s://%s:%d%s", method, host, port,
78 - snprintf(uri, sizeof(uri), "%s://%s%s", method, host, resource);
79 + cupsdSanitizeURI(p->device_uri, uri, sizeof(uri));
83 @@ -1795,6 +1787,83 @@
88 + * 'cupsdSanitizeURI()' - Sanitize a device URI...
91 +char * /* O - New device URI */
92 +cupsdSanitizeURI(const char *uri, /* I - Original device URI */
93 + char *buffer, /* O - New device URI */
94 + int buflen) /* I - Size of new device URI buffer */
96 + char *start, /* Start of data after scheme */
97 + *slash, /* First slash after scheme:// */
98 + *ptr; /* Pointer into user@host:port part */
102 + * Range check input...
105 + if (!uri || !buffer || buflen < 2)
109 + * Copy the device URI to the new buffer...
112 + strncpy(buffer, uri, buflen-1);
113 + buffer[buflen-1] = '\0';
116 + * Find the end of the scheme:// part...
119 + if ((ptr = strchr(buffer, ':')) == NULL)
120 + return (buffer); /* No scheme: part... */
122 + for (start = ptr + 1; *start; start ++)
127 + * Find the next slash (/) in the URI...
130 + if ((slash = strchr(start, '/')) == NULL)
131 + slash = start + strlen(start); /* No slash, point to the end */
134 + * Check for an @ sign before the slash...
137 + if ((ptr = strchr(start, '@')) != NULL && ptr < slash)
140 + * Found an @ sign and it is before the resource part, so we have
141 + * an authentication string. Copy the remaining URI over the
142 + * authentication string...
145 + /* cups_strcpy(start, ptr + 1); */
147 + char *src = ptr + 1;
157 + * Return the new device URI...
166 * 'write_irix_config()' - Update the config files used by the IRIX
167 --- cupsys-1.1.14.orig/scheduler/printers.h
168 +++ cupsys-1.1.14/scheduler/printers.h
170 const char *resource,
171 cups_ptype_t *dtype);
173 +extern char *cupsdSanitizeURI(const char *uri, char *buffer,