From 9a51a8159fe4231a31e9a20084ae3ce3f4e8e366 Mon Sep 17 00:00:00 2001 From: Michael R Sweet Date: Thu, 18 Apr 2019 07:52:54 -0400 Subject: [PATCH] Fix a memory reallocation bug in HTTP header value expansion (rdar://problem/50000749) --- CHANGES.md | 4 +++- cups/http.c | 10 +++++++++- 2 files changed, 12 insertions(+), 2 deletions(-) diff --git a/CHANGES.md b/CHANGES.md index ae874c2b5..f673ea222 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -1,4 +1,4 @@ -CHANGES - 2.3b8 - 2019-04-15 +CHANGES - 2.3b8 - 2019-04-18 ============================ @@ -9,6 +9,8 @@ Changes in CUPS v2.3b8 - The lpadmin command would hang with a bad PPD file (rdar://41495016) - Fixed a potential crash bug in cups-driverd (rdar://46625579) - Fixed a performance regression with large PPDs (rdar://47040759) +- Fixed a memory reallocation bug in HTTP header value expansion + (rdar://problem/50000749) - Restored minimal support for the `Emulators` keyword in PPD files to allow old Samsung printer drivers to continue to work (Issue #5562) - The scheduler did not encode octetString values like "job-password" correctly diff --git a/cups/http.c b/cups/http.c index df9b7bdd6..ff8f6918f 100644 --- a/cups/http.c +++ b/cups/http.c @@ -3644,7 +3644,15 @@ http_add_field(http_t *http, /* I - HTTP connection */ char *combined; /* New value string */ - if ((combined = realloc(http->fields[field], total + 1)) != NULL) + if (http->fields[field] == http->_fields[field]) + { + if ((combined = malloc(total + 1)) != NULL) + { + http->fields[field] = combined; + snprintf(combined, total + 1, "%s, %s", http->_fields[field], value); + } + } + else if ((combined = realloc(http->fields[field], total + 1)) != NULL) { http->fields[field] = combined; strlcat(combined, ", ", total + 1); -- 2.39.2