authorMichael R Sweet <michael.r.sweet@gmail.com>2019-08-15 14:06:47 -0400
committerMichael R Sweet <michael.r.sweet@gmail.com>2019-08-15 14:06:47 -0400
commit2c030c7a06e0c2b8227c7e85f5c58dfb339731d0 (patch)
tree87e6adc4798757791b2782935ad5f06132283456 /cups/http.c
parentd784ca2f837b6c221d97ec0850b7020d13db75a5 (diff)
downloadcups-2c030c7a06e0c2b8227c7e85f5c58dfb339731d0.tar.gz
Multiple security/disclosure issues:
- CVE-2019-8696 and CVE-2019-8675: Fixed SNMP buffer overflows (rdar://51685251) - Fixed IPP buffer overflow (rdar://50035411) - Fixed memory disclosure issue in the scheduler (rdar://51373853) - Fixed DoS issues in the scheduler (rdar://51373929)
Diffstat (limited to 'cups/http.c')
-rw-r--r--cups/http.c9
1 files changed, 7 insertions, 2 deletions
diff --git a/cups/http.c b/cups/http.c
index 266a15791..fbb1bf13c 100644
--- a/cups/http.c
+++ b/cups/http.c
@@ -1860,7 +1860,7 @@ httpPrintf(http_t *http, /* I - HTTP connection */
...) /* I - Additional args as needed */
{
ssize_t bytes; /* Number of bytes to write */
- char buf[16384]; /* Buffer for formatted string */
+ char buf[65536]; /* Buffer for formatted string */
va_list ap; /* Variable argument pointer */
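Review bot: The enlarged `buf` places 64 KiB on the stack for every httpPrintf call, and the declaration does not say why that size was chosen or what happens when it is exceeded. Since a later hunk in this commit makes oversized output an error, the comment could record that contract, for example `/* Buffer for formatted string; longer output is rejected, not truncated */`. If any caller runs on a thread with a small stack, a heap or per-connection buffer would be safer, though nothing visible here shows that this is the case. The body of httpPrintf continues outside this hunk.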
@@ -1872,7 +1872,12 @@ httpPrintf(http_t *http, /* I - HTTP connection */
DEBUG_printf(("3httpPrintf: (" CUPS_LLFMT " bytes) %s", CUPS_LLCAST bytes, buf));
- if (http->data_encoding == HTTP_ENCODING_FIELDS)
+ if (bytes > (ssize_t)(sizeof(buf) - 1))
+ {
+ http->error = ENOMEM;
+ return (-1);
+ }
+ else if (http->data_encoding == HTTP_ENCODING_FIELDS)
return ((int)httpWrite2(http, buf, (size_t)bytes));
else
{
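Review bot: The added guard rejects only oversized output, so a negative `bytes` still reaches the `(size_t)bytes` cast in the httpWrite2 call and becomes a very large length. Assuming `bytes` holds the vsnprintf return value (the call is outside the hunk), a formatting error yields a negative result; the condition could read `if (bytes < 0 || bytes > (ssize_t)(sizeof(buf) - 1))`. ENOMEM is also a loose fit for "formatted output did not fit", so a one-line comment on the assignment saying the message would have been truncated would help anyone who later reads `http->error`. The else branch runs past the end of the hunk.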