authorsalo <salo@pkgsrc.org>2005-08-10 23:37:08 +0000
committersalo <salo@pkgsrc.org>2005-08-10 23:37:08 +0000
commit70d299a0daef501802b3d0d80962ea7158770582 (patch)
treed221c5ff5ef4fd0e43093195381f47bb874dc7d1 /print/cups/patches
parent8a98b824919c92bc14bf40ebc53a118c2634e9b6 (diff)
Security fix for CAN-2005-2097.
"A vulnerability has been reported in CUPS, which can be exploited by malicious people to cause a DoS (Denial of Service) on a vulnerable system. When processing a PDF file, bounds checking was not correctly performed on some fields. This could cause the pdftops filter (running as user "lp") to crash." http://secunia.com/advisories/16380/ http://rhn.redhat.com/errata/RHSA-2005-706.html Patch from RedHat.
Diffstat (limited to 'print/cups/patches')
-rw-r--r--print/cups/patches/patch-aw24
1 files changed, 24 insertions, 0 deletions
diff --git a/print/cups/patches/patch-aw b/print/cups/patches/patch-aw
new file mode 100644
index 00000000000..920a41852eb
--- /dev/null
+++ b/print/cups/patches/patch-aw
@@ -0,0 +1,24 @@
+$NetBSD: patch-aw,v 1.3 2005/08/10 23:37:08 salo Exp $
+
+Fix for CAN-2005-2097, from RedHat.
+
+--- pdftops/FontFile.cxx.orig 2004-02-02 23:41:09.000000000 +0100
++++ pdftops/FontFile.cxx 2005-08-10 22:30:54.000000000 +0200
+@@ -18,6 +18,7 @@
+ #include <stdarg.h>
+ #include <string.h>
+ #include <ctype.h>
++#include <error.h>
+ #include "gmem.h"
+ #include "GHash.h"
+ #include "Error.h"
+@@ -3572,6 +3573,9 @@
+ } else {
+ origLocaTable[i].pos = 2 * getUShort(pos + 2*i);
+ }
++
++ if (origLocaTable[i].pos < 0 || origLocaTable[i].pos > len)
++ error (1, 0, "bad loca table pos value");
+ }
+ qsort(origLocaTable, nGlyphs + 1, sizeof(TrueTypeLoca), &cmpTrueTypeLocaPos);
+ for (i = 0; i < nGlyphs; ++i) {
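Review bot: The new bounds check in the loca-table loop (inner hunk at -3572) reports failure through `error (1, 0, ...)` from the added `#include <error.h>`, which is a GNU libc extension rather than ISO C or POSIX, so the patched file will probably not compile on platforms without glibc. The file also includes the project's own `Error.h`; if that header declares a function named `error` with a different signature, the three-argument call may clash with it or resolve to it, which should be confirmed against that header. A portable form of the same controlled exit would be `fprintf(stderr, "bad loca table pos value\n"); exit(1);`, assuming `<stdio.h>` and `<stdlib.h>` are already included above the visible lines, or the project's own error reporting followed by an early return. The enclosing function starts and ends outside the hunk, so the types of `pos` and `len` and what callers do on failure cannot be checked from here.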