]> git.ipfire.org Git - thirdparty/cups.git/commitdiff
projects / thirdparty / cups.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: bf44645)
Protect against NULL variables (Issue #1611)
authorMichael R Sweet <msweet@msweet.org>
Fri, 12 Jun 2026 21:18:05 +0000 (17:18 -0400)
committerMichael R Sweet <msweet@msweet.org>
Fri, 12 Jun 2026 21:18:05 +0000 (17:18 -0400)
cgi-bin/admin.c patch | blob | blame | history

diff --git a/cgi-bin/admin.c b/cgi-bin/admin.c
index e1bdcfa0aa957b99acba36c2b5c8e19638131788..06372db15abb9c42452f59b4f41dc79796ca2eda 100644 (file)
--- a/cgi-bin/admin.c
+++ b/cgi-bin/admin.c
@@ -1,7 +1,7 @@
 /*
  * Administration CGI for CUPS.
  *
- * Copyright © 2021-2025 by OpenPrinting
+ * Copyright © 2021-2026 by OpenPrinting
  * Copyright © 2007-2021 by Apple Inc.
  * Copyright © 1997-2007 by Easy Software Products.
  *
@@ -616,7 +616,7 @@ do_am_printer(http_t *http,         /* I - HTTP connection */
                *oldinfo;               /* Old printer information */
   const cgi_file_t *file;              /* Uploaded file, if any */
   const char   *var;                   /* CGI variable */
-  char *ppd_name = NULL;       /* Pointer to PPD name */
+  char         *ppd_name = NULL;       /* Pointer to PPD name */
   char         uri[HTTP_MAX_URI],      /* Device or printer URI */
                *uriptr,                /* Pointer into URI */
                evefile[1024] = "";     /* IPP Everywhere PPD file */
@@ -1100,13 +1100,8 @@ do_am_printer(http_t *http,              /* I - HTTP connection */
     ippAddString(request, IPP_TAG_OPERATION, IPP_TAG_URI, "printer-uri",
                  NULL, uri);
 
-    if (!file)
-    {
-      ppd_name = cgiGetVariable("PPD_NAME");
-      if (strcmp(ppd_name, "__no_change__"))
-       ippAddString(request, IPP_TAG_OPERATION, IPP_TAG_NAME, "ppd-name",
-                    NULL, ppd_name);
-    }
+    if (!file && (ppd_name = cgiGetVariable("PPD_NAME")) != NULL && strcmp(ppd_name, "__no_change__"))
+      ippAddString(request, IPP_TAG_OPERATION, IPP_TAG_NAME, "ppd-name", NULL, ppd_name);
 
     ippAddString(request, IPP_TAG_PRINTER, IPP_TAG_TEXT, "printer-location",
                  NULL, cgiGetTextfield("PRINTER_LOCATION"));
@@ -1114,7 +1109,16 @@ do_am_printer(http_t *http,              /* I - HTTP connection */
     ippAddString(request, IPP_TAG_PRINTER, IPP_TAG_TEXT, "printer-info",
                  NULL, cgiGetTextfield("PRINTER_INFO"));
 
-    cupsCopyString(uri, cgiGetVariable("DEVICE_URI"), sizeof(uri));
+    if ((var = cgiGetVariable("DEVICE_URI")) == NULL)
+    {
+      cgiStartHTML(title);
+      cgiSetVariable("MESSAGE", _("Missing DEVICE_URI variable."));
+      cgiCopyTemplateLang("error.tmpl");
+      cgiEndHTML();
+      return;
+    }
+
+    cupsCopyString(uri, var, sizeof(uri));
 
    /*
     * Strip make and model from URI...
Mirror of https://github.com/OpenPrinting/cups.git