diff options
| author | Michael R Sweet <michael.r.sweet@gmail.com> | 2019-08-01 13:56:29 -0400 |
|---|---|---|
| committer | Michael R Sweet <michael.r.sweet@gmail.com> | 2019-08-01 13:56:29 -0400 |
| commit | dc00a7c3adc459ee468ec9e1c52679b83e4a4c9d (patch) | |
| tree | 1e72bcf92a17971e95bb1a26f9c13f7fe35d1ab3 /cups | |
| parent | db1c94f3a1720b26b46d91744d43bb3edb2765dd (diff) | |
| download | cups-dc00a7c3adc459ee468ec9e1c52679b83e4a4c9d.tar.gz | |
Fix some PPD parser issues discovered via fuzzing (Issue #5623, Issue #5624)
Diffstat (limited to 'cups')
| -rw-r--r-- | cups/ppd-emit.c | 12 | ||||
| -rw-r--r-- | cups/ppd-mark.c | 6 | ||||
| -rw-r--r-- | cups/ppd.c | 29 | ||||
| -rw-r--r-- | cups/ppd.h | 1 | ||||
| -rw-r--r-- | cups/testppd.c | 4 |
5 files changed, 52 insertions, 0 deletions
diff --git a/cups/ppd-emit.c b/cups/ppd-emit.c index b9b0e5ad0..8bffb2bc3 100644 --- a/cups/ppd-emit.c +++ b/cups/ppd-emit.c @@ -664,6 +664,9 @@ ppdEmitString(ppd_file_t *ppd, /* I - PPD file record */ { switch (cparam->type) { + case PPD_CUSTOM_UNKNOWN : + break; + case PPD_CUSTOM_CURVE : case PPD_CUSTOM_INVCURVE : case PPD_CUSTOM_POINTS : @@ -710,6 +713,9 @@ ppdEmitString(ppd_file_t *ppd, /* I - PPD file record */ { switch (cparam->type) { + case PPD_CUSTOM_UNKNOWN : + break; + case PPD_CUSTOM_CURVE : case PPD_CUSTOM_INVCURVE : case PPD_CUSTOM_POINTS : @@ -805,6 +811,9 @@ ppdEmitString(ppd_file_t *ppd, /* I - PPD file record */ { switch (cparam->type) { + case PPD_CUSTOM_UNKNOWN : + break; + case PPD_CUSTOM_CURVE : case PPD_CUSTOM_INVCURVE : case PPD_CUSTOM_POINTS : @@ -1007,6 +1016,9 @@ ppdEmitString(ppd_file_t *ppd, /* I - PPD file record */ { switch (cparam->type) { + case PPD_CUSTOM_UNKNOWN : + break; + case PPD_CUSTOM_CURVE : case PPD_CUSTOM_INVCURVE : case PPD_CUSTOM_POINTS : diff --git a/cups/ppd-mark.c b/cups/ppd-mark.c index 9eca0cec7..7ec0df473 100644 --- a/cups/ppd-mark.c +++ b/cups/ppd-mark.c @@ -851,6 +851,9 @@ ppd_mark_option(ppd_file_t *ppd, /* I - PPD file */ switch (cparam->type) { + case PPD_CUSTOM_UNKNOWN : + break; + case PPD_CUSTOM_CURVE : case PPD_CUSTOM_INVCURVE : case PPD_CUSTOM_REAL : @@ -928,6 +931,9 @@ ppd_mark_option(ppd_file_t *ppd, /* I - PPD file */ switch (cparam->type) { + case PPD_CUSTOM_UNKNOWN : + break; + case PPD_CUSTOM_CURVE : case PPD_CUSTOM_INVCURVE : case PPD_CUSTOM_REAL : diff --git a/cups/ppd.c b/cups/ppd.c index ada0c14f7..fae19c42e 100644 --- a/cups/ppd.c +++ b/cups/ppd.c @@ -992,6 +992,13 @@ _ppdOpen( goto error; } + if (cparam->type != PPD_CUSTOM_UNKNOWN) + { + pg->ppd_status = PPD_BAD_CUSTOM_PARAM; + + goto error; + } + /* * Get the parameter data... */ @@ -1865,6 +1872,13 @@ _ppdOpen( } else if (!strcmp(keyword, "PaperDimension")) { + if (!_cups_strcasecmp(name, "custom") || !_cups_strncasecmp(name, "custom.", 7)) + { + pg->ppd_status = PPD_ILLEGAL_OPTION_KEYWORD; + + goto error; + } + if ((size = ppdPageSize(ppd, name)) == NULL) size = ppd_add_size(ppd, name); @@ -1887,6 +1901,13 @@ _ppdOpen( } else if (!strcmp(keyword, "ImageableArea")) { + if (!_cups_strcasecmp(name, "custom") || !_cups_strncasecmp(name, "custom.", 7)) + { + pg->ppd_status = PPD_ILLEGAL_OPTION_KEYWORD; + + goto error; + } + if ((size = ppdPageSize(ppd, name)) == NULL) size = ppd_add_size(ppd, name); @@ -1916,6 +1937,13 @@ _ppdOpen( { DEBUG_printf(("2_ppdOpen: group=%p, subgroup=%p", group, subgroup)); + if (!_cups_strcasecmp(name, "custom") || !_cups_strncasecmp(name, "custom.", 7)) + { + pg->ppd_status = PPD_ILLEGAL_OPTION_KEYWORD; + + goto error; + } + if (!strcmp(keyword, "PageSize")) { /* @@ -2640,6 +2668,7 @@ ppd_get_cparam(ppd_coption_t *opt, /* I - PPD file */ if ((cparam = calloc(1, sizeof(ppd_cparam_t))) == NULL) return (NULL); + cparam->type = PPD_CUSTOM_UNKNOWN; strlcpy(cparam->name, param, sizeof(cparam->name)); strlcpy(cparam->text, text[0] ? text : param, sizeof(cparam->text)); diff --git a/cups/ppd.h b/cups/ppd.h index 108f20e2a..f2ba50db8 100644 --- a/cups/ppd.h +++ b/cups/ppd.h @@ -226,6 +226,7 @@ typedef struct ppd_profile_s /**** sRGB Color Profiles @deprecated@ ****/ /**** New in CUPS 1.2/macOS 10.5 ****/ typedef enum ppd_cptype_e /**** Custom Parameter Type @deprecated@ ****/ { + PPD_CUSTOM_UNKNOWN = -1, /* Unknown type (error) */ PPD_CUSTOM_CURVE, /* Curve value for f(x) = x^value */ PPD_CUSTOM_INT, /* Integer number value */ PPD_CUSTOM_INVCURVE, /* Curve value for f(x) = x^(1/value) */ diff --git a/cups/testppd.c b/cups/testppd.c index 914abbd42..36707f29a 100644 --- a/cups/testppd.c +++ b/cups/testppd.c @@ -1245,6 +1245,10 @@ main(int argc, /* I - Number of command-line arguments */ { switch (cparam->type) { + case PPD_CUSTOM_UNKNOWN : + printf(" %s(%s): PPD_CUSTOM_UNKNOWN (error)\n", cparam->name, cparam->text); + break; + case PPD_CUSTOM_CURVE : printf(" %s(%s): PPD_CUSTOM_CURVE (%g to %g)\n", cparam->name, cparam->text, |