long mime types not handled properly #4270

Closed
michaelrsweet opened this Issue Feb 6, 2013 · 4 comments

michaelrsweet commented Feb 6, 2013

Version: 1.6-current
CUPS.org User: patwood

Throughout scheduler/ipp.c, the mime subtypes are parsed with sscanf(...text, "%15[^/]/%31[^;]", super, type), but type is declared to be a char array of MIME_MAX_SIZE (256 bytes). Mime subtypes longer than 31 bytes are truncated, and subsequently the mimeType() call into the database fails. There is no reason to limit the sscanf parsing of type to 31 bytes.

An example is a printer that handles MS Office document types. Open XML mime type names are very long, e.g.,

application/vnd.openxmlformats-officedocument.spreadsheetml.template

and fail to print w/o changing these sscanf calls to use "%15[^/]/%255[^;]".
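The truncation described in this report, as an added example (not code from CUPS or from the commenters): `parse_old` uses the pre-fix format, and `parse_checked` is a hypothetical helper that uses the 255 width and also rejects a subtype that still does not fit. `SUPER_MAX`, the function names and the sample inputs are assumptions made for the example.

```c
/* Added example, not CUPS source. Sizes follow the issue text. */
#include <stdio.h>
#include <string.h>

#define SUPER_MAX 16   /* assumption: sized for the %15 width shown above */
#define TYPE_MAX  256  /* MIME_MAX_SIZE as stated in the issue */

/* Constructed sample input: the Open XML type quoted in the issue. */
static const char SAMPLE[] =
    "application/vnd.openxmlformats-officedocument.spreadsheetml.template";

/* Pre-fix format: the subtype is silently cut at 31 characters. */
int parse_old(const char *s, char super[SUPER_MAX], char type[TYPE_MAX])
{
  return sscanf(s, "%15[^/]/%31[^;]", super, type);
}

/*
 * Post-fix width plus a truncation check (hypothetical helper). %n stores
 * the number of bytes consumed; if the next byte is neither ';' nor the
 * terminator, the subtype did not fit and the input is rejected.
 * Returns 0 on success, -1 on malformed or over-long input.
 */
int parse_checked(const char *s, char super[SUPER_MAX], char type[TYPE_MAX])
{
  int used = 0;

  if (sscanf(s, "%15[^/]/%255[^;]%n", super, type, &used) != 2)
    return -1;
  return (s[used] == '\0' || s[used] == ';') ? 0 : -1;
}

/* Length of the subtype the pre-fix format keeps for SAMPLE. */
size_t old_subtype_len(void)
{
  char super[SUPER_MAX], type[TYPE_MAX];

  return parse_old(SAMPLE, super, type) == 2 ? strlen(type) : 0;
}

/* Result of the checked parser on a constructed 300-byte subtype. */
int overlong_result(void)
{
  char in[2 + 300 + 1] = "a/", super[SUPER_MAX], type[TYPE_MAX];

  memset(in + 2, 'x', 300);
  in[302] = '\0';
  return parse_checked(in, super, type);
}
```

Note that `parse_old` still returns 2 for the sample, so the caller sees a successful parse of a subtype that no longer matches any database entry.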

michaelrsweet commented Feb 12, 2013

CUPS.org User: mike

Changing to a P2 bug report.

michaelrsweet commented Feb 19, 2013

CUPS.org User: patwood

Added updated scheduler/ipp.c that fixes this for 1.6.1.

Pat Wood

michaelrsweet commented Feb 19, 2013

CUPS.org User: mike

Fixed in Subversion repository.

michaelrsweet commented Feb 19, 2013

"str4270.patch":

Index: scheduler/ipp.c

--- scheduler/ipp.c (revision 10865)
+++ scheduler/ipp.c (working copy)
@@ -8074,7 +8074,7 @@
* Grab format from client...
*/

  • if (sscanf(format->values[0].string.text, "%15[^/]/%31[^;]", super,
  • if (sscanf(format->values[0].string.text, "%15[^/]/%255[^;]", super,
    type) != 2)
    {
    send_ipp_status(con, IPP_BAD_REQUEST,
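Review bot: the new width in "%15[^/]/%255[^;]" is a bare literal that has to stay exactly one less than the size of type, which the report gives as MIME_MAX_SIZE (256 bytes), and nothing in this hunk ties the two together. A comment beside the format string, or a width built from the constant, would keep a later change to MIME_MAX_SIZE from turning this call into an overflow of type.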
    @@ -8091,7 +8091,7 @@
  • Use default document format...
    */
  • if (sscanf(default_format, "%15[^/]/%31[^;]", super, type) != 2)
  • if (sscanf(default_format, "%15[^/]/%255[^;]", super, type) != 2)
    {
    send_ipp_status(con, IPP_BAD_REQUEST,
    _("Bad document-format "%s"."),
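Review bot: the error text in this default-format branch reads "Bad document-format", while the matching branch in the hunk at line 9322 reports "Bad document-format-default". Since the sscanf() line directly above is being edited anyway, aligning the two messages would make it clear from a log whether the client's value or the printer's default failed to parse.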
    @@ -9306,7 +9306,7 @@
  • Grab format from client...
    */
  • if (sscanf(format->values[0].string.text, "%15[^/]/%31[^;]",
  • if (sscanf(format->values[0].string.text, "%15[^/]/%255[^;]",
    super, type) != 2)
    {
    send_ipp_status(con, IPP_BAD_REQUEST, _("Bad document-format "%s"."),
    @@ -9322,7 +9322,7 @@
  • Use default document format...
    */
  • if (sscanf(default_format, "%15[^/]/%31[^;]", super, type) != 2)
  • if (sscanf(default_format, "%15[^/]/%255[^;]", super, type) != 2)
    {
    send_ipp_status(con, IPP_BAD_REQUEST,
    _("Bad document-format-default "%s"."), default_format);
    @@ -10822,7 +10822,7 @@
    if ((format = ippFindAttribute(con->request, "document-format",
    IPP_TAG_MIMETYPE)) != NULL)
    {
  • if (sscanf(format->values[0].string.text, "%15[^/]/%31[^;]",
  • if (sscanf(format->values[0].string.text, "%15[^/]/%255[^;]",
    super, type) != 2)
    {
    send_ipp_status(con, IPP_BAD_REQUEST,
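Review bot: this is the fifth hand-edited copy of the same scan format in scheduler/ipp.c, so the width fix only holds as long as every copy is found. A single helper that splits a document-format string into super and type would leave one format string to audit against the buffer sizes and one place to change next time.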
    Index: scheduler/testmime.c
    ===================================================================
    --- scheduler/testmime.c (revision 10865)
    +++ scheduler/testmime.c (working copy)
    @@ -3,7 +3,7 @@
  • MIME test program for CUPS.
  • * Copyright 2007-2011 by Apple Inc.

  • * Copyright 2007-2013 by Apple Inc.

    • Copyright 1997-2006 by Easy Software Products, all rights reserved.
    • These coded instructions, statements, and computer programs are the
      @@ -132,7 +132,7 @@
      }
      else
      {
  •  sscanf(argv[i], "%15[^/]/%31s", super, type);
    
  •  sscanf(argv[i], "%15[^/]/%255s", super, type);
    

    dst = mimeType(mime, super, type);

    filters = mimeFilter2(mime, src, srcinfo.st_size, dst, &cost);
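Review bot: the sscanf() call in this hunk still discards its return value, unlike the ipp.c call sites that compare it with 2. If argv[i] contains no '/', type is never written and mimeType(mime, super, type) runs on whatever the buffer held before; checking for != 2 and printing a usage error would close that. The "%255s" conversion also stops at whitespace rather than at ';' as in ipp.c, which is worth a comment if the difference is intended.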

michaelrsweet added this to the Stable milestone Mar 17, 2016
