From c9b65dc4d956afe9790f25f886e13f8e7f9d0325 Mon Sep 17 00:00:00 2001
From: Michael R Sweet
Date: Mon, 17 Jun 2019 09:46:37 -0400
Subject: [PATCH] Fix NULL pointer dereference in httpGetField2 (Issue #5598)
---
 CHANGES.md | 3 ++-
 cups/http.c | 9 ++++++---
 2 files changed, 8 insertions(+), 4 deletions(-)
diff --git a/CHANGES.md b/CHANGES.md
index 74c6c59e9..06eba39b2 100644
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -1,4 +1,4 @@
-CHANGES - 2.3.0 - 2019-06-13
+CHANGES - 2.3.0 - 2019-06-17
 ============================
@@ -10,6 +10,7 @@ Changes in CUPS v2.3.0
 - Eliminated some new GCC compiler warnings (Issue #5591)
 - Removed dead code from the scheduler (Issue #5593)
 - "make" failed with GZIP options (Issue #5595)
+- Fixed a NULL pointer dereference bug in `httpGetSubField2` (Issue #5598)
 - Fixed an issue with `EXPECT !name WITH-VALUE ...` tests.
 - Fixed a command ordering issue in the Zebra ZPL driver.
diff --git a/cups/http.c b/cups/http.c
index ff8f6918f..266a15791 100644
--- a/cups/http.c
+++ b/cups/http.c
@@ -1,8 +1,8 @@
 /*
  * HTTP routines for CUPS.
  *
- * Copyright 2007-2018 by Apple Inc.
- * Copyright 1997-2007 by Easy Software Products, all rights reserved.
+ * Copyright © 2007-2019 by Apple Inc.
+ * Copyright © 1997-2007 by Easy Software Products, all rights reserved.
  *
  * This file contains Kerberos support code, copyright 2006 by
  * Jelmer Vernooij.
@@ -1345,8 +1345,11 @@ httpGetSubField2(http_t *http, /* I - HTTP connection */
  DEBUG_printf(("2httpGetSubField2(http=%p, field=%d, name=\"%s\", value=%p, valuelen=%d)", (void *)http, field, name, (void *)value, valuelen));
+ if (value)
+ *value = '\0';
+
  if (!http || !name || !value || valuelen < 2 ||
- field <= HTTP_FIELD_UNKNOWN || field >= HTTP_FIELD_MAX)
+ field <= HTTP_FIELD_UNKNOWN || field >= HTTP_FIELD_MAX || !http->fields[field])
  return (NULL);
  end = value + valuelen - 1;
-- 
2.39.5
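Review bot: The added `*value = '\0';` in the last cups/http.c hunk runs before `valuelen` is validated, so a caller that passes a non-NULL `value` with a `valuelen` of 0 or less still gets one byte written through the pointer before the function returns NULL. Guarding the store with the length, `if (value && valuelen > 0)`, keeps the new behaviour of always terminating the output without touching a zero-sized buffer. The new `!http->fields[field]` test is placed after the range checks on `field`, so short-circuit evaluation bounds the index before it is used. The body of httpGetSubField2 starts and ends outside this hunk, so how `http->fields[field]` is consumed afterwards is not visible here.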