Author: JT Smith
At LWN.net: A problem exists in all versions of CUPS prior to 1.1.5 with the
httpGets() function. It could go into an infinite loop if a line
longer than the input buffer size was sent by a client. This could be
used as a DoS attack. As well, all occurances of sprintf() calls were
changed to snprintf(), and all occurances of strcpy() calls were
changed to strncpy() calls, both of which protect against buffer
overflows. Finally, CUPS now defaults to not broadcasting the printer
information anymore by default, and by default access is only allowed
from the local machine.
httpGets() function. It could go into an infinite loop if a line
longer than the input buffer size was sent by a client. This could be
used as a DoS attack. As well, all occurances of sprintf() calls were
changed to snprintf(), and all occurances of strcpy() calls were
changed to strncpy() calls, both of which protect against buffer
overflows. Finally, CUPS now defaults to not broadcasting the printer
information anymore by default, and by default access is only allowed
from the local machine.
Category:
- Linux
