From 209cc9b629604a34b247f54bb646856bf2a3edaa Mon Sep 17 00:00:00 2001
From: msweet
Date: Thu, 20 Feb 2014 15:21:05 +0000
Subject: [PATCH] The scheduler did not handle GET requests for the log files properly (STR #3265)

Limit the number of bytes read to the original file size.

git-svn-id: svn+ssh://src.apple.com/svn/cups/cups.org/trunk@11624 a1ca3aef-8c08-0410-bb20-df032aa958be
---
 CHANGES-1.7.txt | 2 ++
 scheduler/client.c | 14 ++++++++++++--
 2 files changed, 14 insertions(+), 2 deletions(-)

diff --git a/CHANGES-1.7.txt b/CHANGES-1.7.txt
index 7378cf7dfa..a237389e42 100644
--- a/CHANGES-1.7.txt
+++ b/CHANGES-1.7.txt
@@ -5,6 +5,8 @@ CHANGES IN CUPS V1.7.2
 - Security: The scheduler now blocks URLs containing embedded HTML (STR #4356)
+ - The scheduler did not handle GET requests for the log files properly
+ (STR #3265)
 - The dnssd backend did not always report all discovered printers using Avahi (STR #4365)
 - The Zebra printer driver did not properly handle negative "label top"
diff --git a/scheduler/client.c b/scheduler/client.c
index 9bb2305465..b7a3c798da 100644
--- a/scheduler/client.c
+++ b/scheduler/client.c
@@ -2514,6 +2514,17 @@ cupsdWriteClient(cupsd_client_t *con) /* I - Client connection */
 con->file_ready = 0;
 }
+ bytes = (ssize_t)(sizeof(con->header) - (size_t)con->header_used);
+
+ if (!con->pipe_pid && bytes > httpGetRemaining(con->http))
+ {
+ /*
+ * Limit GET bytes to original size of file (STR #3265)...
+ */
+
+ bytes = (ssize_t)httpGetRemaining(con->http);
+ }
+
 if (con->response && con->response->state != IPP_STATE_DATA)
 {
 size_t wused = httpGetPending(con->http); /* Previous write buffer use */
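Review bot: The clamp added ahead of `if (con->response && ...)` stores whatever httpGetRemaining() returns into the signed `bytes` without checking that the result is non-negative, and the second hunk then passes `(size_t)bytes` to read() as the length for con->header. httpGetRemaining() returns a signed off_t, so a negative remaining count, or a header_used larger than sizeof(con->header) that makes the initial subtraction wrap, would become a very large read length into a fixed-size buffer; nothing in the visible lines rules either case out. A guard directly after the clamp, `if (bytes < 0) bytes = 0;`, keeps the length inside the buffer regardless of what the HTTP state reports. cupsdWriteClient's body starts and ends outside the hunk, so an existing bound on header_used elsewhere in the function cannot be confirmed from here.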
@@ -2552,8 +2563,7 @@ cupsdWriteClient(cupsd_client_t *con) /* I - Client connection */
 (int)bytes, httpGetState(con->http), CUPS_LLCAST httpGetLength2(con->http));
 }
- else if ((bytes = read(con->file, con->header + con->header_used,
- sizeof(con->header) - (size_t)con->header_used)) > 0)
+ else if ((bytes = read(con->file, con->header + con->header_used, (size_t)bytes)) > 0)
 {
 con->header_used += bytes;
-- 
2.47.2
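Review bot: In the rewritten `else if`, `bytes` is both the length handed to read() and the variable that receives its result, and the value used as the length is set in the earlier hunk, well above this line. Nothing at the call site says where that limit comes from, so an assignment to `bytes` on the path to this branch would silently change how much is read into con->header; the context line with `(int)bytes` in the preceding branch suggests the variable is reused there, though that branch is only partly visible. I would add a comment above the branch, `/* bytes holds the read limit computed above: space left in con->header, capped at httpGetRemaining() for files */`, or carry the limit in a separate local so the buffer bound is visible at the read() call. The enclosing function continues outside the hunk.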