Multiple security/disclosure issues:

[thirdparty/cups.git] / cups / http.c

diff --git a/cups/http.c b/cups/http.c
index 266a15791a9d0c641b0f616d8c343cce5fb29c6c..fbb1bf13cce520cd7438637a1661a1b8ff738c6f 100644 (file)
--- a/cups/http.c
+++ b/cups/http.c
@@ -1860,7 +1860,7 @@ httpPrintf(http_t     *http,              /* I - HTTP connection */
           ...)                         /* I - Additional args as needed */
 {
   ssize_t      bytes;                  /* Number of bytes to write */
-  char         buf[16384];             /* Buffer for formatted string */
+  char         buf[65536];             /* Buffer for formatted string */
   va_list      ap;                     /* Variable argument pointer */
 
 
@@ -1872,7 +1872,12 @@ httpPrintf(http_t     *http,             /* I - HTTP connection */
 
   DEBUG_printf(("3httpPrintf: (" CUPS_LLFMT " bytes) %s", CUPS_LLCAST bytes, buf));
 
-  if (http->data_encoding == HTTP_ENCODING_FIELDS)
+  if (bytes > (ssize_t)(sizeof(buf) - 1))
+  {
+    http->error = ENOMEM;
+    return (-1);
+  }
+  else if (http->data_encoding == HTTP_ENCODING_FIELDS)
     return ((int)httpWrite2(http, buf, (size_t)bytes));
   else
   {