Debian Bug report logs - #1009146
cups Segmentation fault

Package: cups-bsd; Maintainer for cups-bsd is Debian Printing Team <debian-printing@lists.debian.org>; Source for cups-bsd is src:cups (PTS, buildd, popcon).

Reported by: Дмитрий Тихомиров <dtikhomirov@astralinux.ru>

Date: Thu, 7 Apr 2022 17:06:02 UTC

Severity: normal

Tags: fixed-upstream, patch

Merged with 1009147

Fixed in version cups/2.4.7-1

Done: Thorsten Alteholz <debian@alteholz.de>

Bug is archived. No further changes may be made.

Forwarded to https://github.com/OpenPrinting/cups/issues/457

Display info messages

View this report as an mbox folder, status mbox, maintainer mbox

Report forwarded to debian-bugs-dist@lists.debian.org, Debian Printing Team <debian-printing@lists.debian.org>:
Bug#1009146; Package cups. (Thu, 07 Apr 2022 17:06:04 GMT) (full text, mbox, link).

Acknowledgement sent to Дмитрий Тихомиров <dtikhomirov@astralinux.ru>:
New Bug report received and forwarded. Copy sent to Debian Printing Team <debian-printing@lists.debian.org>. (Thu, 07 Apr 2022 17:06:04 GMT) (full text, mbox, link).

Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

[Message part 1 (text/plain, inline)]

Package: cups 
Version: 2.3.3 

Hi. 

Error message: Segmentation fault 

To reproduce this bug we just need to run command "lprm -P". In normal way it must finish with output of available commands . 
Technical description: Program lprm call function main(file lprm.c:30). In « if ((instance = strchr (name, ' / ' )) != NULL ) » (file lprm.c:87) when we send "-P" the program will received Segmentation fault . 

System information: Linux debian 5.10.0-12-amd64 #1 SMP Debian [ callto:5.10.103-1 (2022-03-07 | 5.10.103-1 (2022-03-07 ] ) x86_64 GNU/Linux 
libc-2.31.so 

CWE identifier for this bug: CWE-20: Improper Input Validation 

Way to fix this bug: change it " else { i ++; name = argv[i]; }" (file lprm.c:82-86) to this "i ++; if (i >= argc) { _cupsLangPrintf(stderr, _("%s: Error - expected username after \"-P\" option."), argv[0]); usage(); }" . 

Regards, 

Tikhomirov Dmitriy

[Message part 2 (text/html, inline)]

Merged 1009146 1009147 Request was from Bernhard Übelacker <bernhardu@mailbox.org> to control@bugs.debian.org. (Wed, 27 Apr 2022 13:00:02 GMT) (full text, mbox, link).

Added tag(s) patch. Request was from Brian Potkin <claremont102@gmail.com> to control@bugs.debian.org. (Tue, 16 Aug 2022 10:27:03 GMT) (full text, mbox, link).

Set Bug forwarded-to-address to 'https://github.com/OpenPrinting/cups/issues/457'. Request was from Brian Potkin <claremont102@gmail.com> to control@bugs.debian.org. (Tue, 16 Aug 2022 10:27:04 GMT) (full text, mbox, link).

Information forwarded to debian-bugs-dist@lists.debian.org, Debian Printing Team <debian-printing@lists.debian.org>:
Bug#1009146; Package cups. (Tue, 16 Aug 2022 11:09:03 GMT) (full text, mbox, link).

Acknowledgement sent to Brian Potkin <claremont102@gmail.com>:
Extra info received and forwarded to list. Copy sent to Debian Printing Team <debian-printing@lists.debian.org>. (Tue, 16 Aug 2022 11:09:03 GMT) (full text, mbox, link).

Message #16 received at 1009146@bugs.debian.org (full text, mbox, reply):

tags 1009146 patch
forwarded 1009146 https://github.com/OpenPrinting/cups/issues/457
thanks


On Thu 07 Apr 2022 at 19:55:06 +0300, Дмитрий Тихомиров wrote:

> Package: cups 
> Version: 2.3.3 
> 
> Hi. 
> 
> Error message: Segmentation fault 
> 
> To reproduce this bug we just need to run command "lprm -P". In normal way it must finish with output of available commands . 
> Technical description: Program lprm call function main(file lprm.c:30). In « if ((instance = strchr (name, ' / ' )) != NULL ) » (file lprm.c:87) when we send "-P" the program will received Segmentation fault . 
> 
> System information: Linux debian 5.10.0-12-amd64 #1 SMP Debian [ callto:5.10.103-1 (2022-03-07 | 5.10.103-1 (2022-03-07 ] ) x86_64 GNU/Linux 
> libc-2.31.so 
> 
> CWE identifier for this bug: CWE-20: Improper Input Validation 
> 
> Way to fix this bug: change it " else { i ++; name = argv[i]; }" (file lprm.c:82-86) to this "i ++; if (i >= argc) { _cupsLangPrintf(stderr, _("%s: Error - expected username after \"-P\" option."), argv[0]); usage(); }" . 
 
Thank you for your report, Dmitriy. 

I can reproduce the behaviour with "lprm -P" on cups 2.4.2-1+b1.
Forwarded upstream.

Cheers,

Brian.

Bug reassigned from package 'cups' to 'cups-bsd'. Request was from Brian Potkin <claremont102@gmail.com> to control@bugs.debian.org. (Tue, 16 Aug 2022 13:57:02 GMT) (full text, mbox, link).

No longer marked as found in versions 2.3.3. Request was from Brian Potkin <claremont102@gmail.com> to control@bugs.debian.org. (Tue, 16 Aug 2022 13:57:03 GMT) (full text, mbox, link).

Added tag(s) fixed-upstream. Request was from debian-bts-link@lists.debian.org to control@bugs.debian.org. (Mon, 22 Aug 2022 17:36:12 GMT) (full text, mbox, link).

Reply sent to Thorsten Alteholz <debian@alteholz.de>:
You have taken responsibility. (Sat, 07 Oct 2023 22:39:05 GMT) (full text, mbox, link).

Notification sent to Дмитрий Тихомиров <dtikhomirov@astralinux.ru>:
Bug acknowledged by developer. (Sat, 07 Oct 2023 22:39:05 GMT) (full text, mbox, link).

Message #27 received at 1009146-close@bugs.debian.org (full text, mbox, reply):

Source: cups
Source-Version: 2.4.7-1
Done: Thorsten Alteholz <debian@alteholz.de>

We believe that the bug you reported is fixed in the latest version of
cups, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1009146@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Thorsten Alteholz <debian@alteholz.de> (supplier of updated cups package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Fri, 06 Oct 2023 20:16:49 +0200
Source: cups
Architecture: source
Version: 2.4.7-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Printing Team <debian-printing@lists.debian.org>
Changed-By: Thorsten Alteholz <debian@alteholz.de>
Closes: 954974 971625 998004 1008053 1009146 1009147 1039983 1041466 1043331 1043470 1052419
Changes:
 cups (2.4.7-1) unstable; urgency=medium
 .
   * Update to new upstream version 2.4.7.
     (Closes: #1039983   this should have been fixed in 2.4.3)
     (Closes: #1041466   this should have been fixed in 2.4.3)
     (Closes: #1043331   this should have been fixed in 2.4.3)
     (Closes: #998004    this should have been fixed in 2.4.3)
     (Closes: #1008053   this should have been fixed in 2.4.3)
     (Closes: #1009146   this should have been fixed in 2.4.3)
     (Closes: #1009147   this should have been fixed in 2.4.3)
   * debian/watch: update watch file (Closes: #1043470)
                   (thanks a lot to t3b4in+2gxh764v647us@cs.email)
   * debian/rules: switch on testing again
   * debian/control: bump standard to 4.6.2 (no changes)
   * debian/cups-daemon.NEWS: reword last entry (Closes: #1052419)
                              (thanks to IOhannes m zmoelnig)
   * debian/local/apparmor-profile: add drop-in for cups-pdf as well
                                    (Closes: #954974)
   * Provide a cups.pc file. (Closes: #971625)
     (thanks a lot to Helmut Grohne for the patch)
   * update debian/*.lintian-overrides and use new syntax
Checksums-Sha1:
 cbc8bfafbffcdf91c3485d969c8d09bb95bf3c2f 3357 cups_2.4.7-1.dsc
 9c6155dfa367eee9a88ad08cf83b1dc6c446309f 8134809 cups_2.4.7.orig.tar.gz
 a2b411cdcf336ac0ba9b3f6d17377cc963bf7d26 228 cups_2.4.7.orig.tar.gz.asc
 925bced67d126a6dc1ce3586de2b58327c417240 383284 cups_2.4.7-1.debian.tar.xz
 01d9093d9e634e5bf609546ada19e8a41b4625b7 13522 cups_2.4.7-1_amd64.buildinfo
Checksums-Sha256:
 28a4e4dcbecb7ee3ddb8ba6883e09add5556f73e45bd6536e04b552bbffad8ef 3357 cups_2.4.7-1.dsc
 dd54228dd903526428ce7e37961afaed230ad310788141da75cebaa08362cf6c 8134809 cups_2.4.7.orig.tar.gz
 4a5f7d06dd1255248c0718111b86c8c40e56990c9c7ec497f4190d933e0691a4 228 cups_2.4.7.orig.tar.gz.asc
 8609ef2edd3f5142fb1dd3f6ae7a323b1a952a4a49cb3ae04aa7f31ef4f1bc75 383284 cups_2.4.7-1.debian.tar.xz
 75374e7a994ed757e71eeafba5daed63bd4966122c0ace02bfa7b025a85736b6 13522 cups_2.4.7-1_amd64.buildinfo
Files:
 d127d7414d397282312dabf9ea7b3c69 3357 net optional cups_2.4.7-1.dsc
 e0a5ddbf53dfad41da26fc1ef60b2256 8134809 net optional cups_2.4.7.orig.tar.gz
 aa1ef89b6837bf5742d0517c61dbe8d7 228 net optional cups_2.4.7.orig.tar.gz.asc
 176916b932730693d819bc6d68995d4f 383284 net optional cups_2.4.7-1.debian.tar.xz
 a151a50a14e07b7ec61bc6a7ec6bc882 13522 net optional cups_2.4.7-1_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQKnBAEBCgCRFiEEYgH7/9u94Hgi6ruWlvysDTh7WEcFAmUh3MZfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDYy
MDFGQkZGREJCREUwNzgyMkVBQkI5Njk2RkNBQzBEMzg3QjU4NDcTHGRlYmlhbkBh
bHRlaG9sei5kZQAKCRCW/KwNOHtYRwtaD/0RKUaUqgm//CZEZfRxvp7sra300U5U
sBCUcEwjL4NsLKks14EQpqt17zVsWQ34TWTA6wQ2m1zrp/z8hG5MiZQbna0yG1Ye
8cG7XK7EBkQZdimu+nsmBspMrfnuUpGEt4VOi8yN4qkVP2SvT/NV7bQd5L5d7upx
pOWNykuBFQDynanE4ZiFflG1IsbZVZAuaDMdV9jB5b2wzCCkE0r+eQBv+MaqlbpV
MWjw+1U411L3BKJmsj1GJSfb4LS4qjLpyhLC6LeLnM+RLR2P9D0/O12Z7FAo40yo
xR06k1s44lxjSXxvMlGqZkD3rleBrdTK5GJbz5/BKmXtBirg1hz0A4SxDChJNV3N
KBd8zruJ9WUxD+d13QMykmGpi/HAoVoP7jo27WVhAQPT3wlr6SiytqUIBE1EzU9T
jnFge8dezve7SP/QAKL5vDMXtNJq0qt/xrgwqrDpB/0J0XIfpy9qdtGxillU40/v
bSrC/jUtabcrttocXquzLVlHip375tNp+oTFK4Vki9xUKRzHaHsVUSg6EdDdzTnO
oGq0jbZOCnRnCA1GEG+ZSoI2flBHDT2hyvGo7F6LXl8+i6c3KyyyUyB3WtFpRdLo
aqB9wIIGtAKOhtogUD001XYEXC0mGpHsJdcfJUvD4nAR4qwrCJWJqfqBr25TDpRA
3ZOL1n51WHWuIQ==
=uG+d
-----END PGP SIGNATURE-----

Reply sent to Thorsten Alteholz <debian@alteholz.de>:
You have taken responsibility. (Sat, 07 Oct 2023 22:39:05 GMT) (full text, mbox, link).

Notification sent to Дмитрий Тихомиров <dtikhomirov@astralinux.ru>:
Bug acknowledged by developer. (Sat, 07 Oct 2023 22:39:05 GMT) (full text, mbox, link).

Message #32 received at 1009147-close@bugs.debian.org (full text, mbox, reply):

Source: cups
Source-Version: 2.4.7-1
Done: Thorsten Alteholz <debian@alteholz.de>

We believe that the bug you reported is fixed in the latest version of
cups, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1009147@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Thorsten Alteholz <debian@alteholz.de> (supplier of updated cups package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Fri, 06 Oct 2023 20:16:49 +0200
Source: cups
Architecture: source
Version: 2.4.7-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Printing Team <debian-printing@lists.debian.org>
Changed-By: Thorsten Alteholz <debian@alteholz.de>
Closes: 954974 971625 998004 1008053 1009146 1009147 1039983 1041466 1043331 1043470 1052419
Changes:
 cups (2.4.7-1) unstable; urgency=medium
 .
   * Update to new upstream version 2.4.7.
     (Closes: #1039983   this should have been fixed in 2.4.3)
     (Closes: #1041466   this should have been fixed in 2.4.3)
     (Closes: #1043331   this should have been fixed in 2.4.3)
     (Closes: #998004    this should have been fixed in 2.4.3)
     (Closes: #1008053   this should have been fixed in 2.4.3)
     (Closes: #1009146   this should have been fixed in 2.4.3)
     (Closes: #1009147   this should have been fixed in 2.4.3)
   * debian/watch: update watch file (Closes: #1043470)
                   (thanks a lot to t3b4in+2gxh764v647us@cs.email)
   * debian/rules: switch on testing again
   * debian/control: bump standard to 4.6.2 (no changes)
   * debian/cups-daemon.NEWS: reword last entry (Closes: #1052419)
                              (thanks to IOhannes m zmoelnig)
   * debian/local/apparmor-profile: add drop-in for cups-pdf as well
                                    (Closes: #954974)
   * Provide a cups.pc file. (Closes: #971625)
     (thanks a lot to Helmut Grohne for the patch)
   * update debian/*.lintian-overrides and use new syntax
Checksums-Sha1:
 cbc8bfafbffcdf91c3485d969c8d09bb95bf3c2f 3357 cups_2.4.7-1.dsc
 9c6155dfa367eee9a88ad08cf83b1dc6c446309f 8134809 cups_2.4.7.orig.tar.gz
 a2b411cdcf336ac0ba9b3f6d17377cc963bf7d26 228 cups_2.4.7.orig.tar.gz.asc
 925bced67d126a6dc1ce3586de2b58327c417240 383284 cups_2.4.7-1.debian.tar.xz
 01d9093d9e634e5bf609546ada19e8a41b4625b7 13522 cups_2.4.7-1_amd64.buildinfo
Checksums-Sha256:
 28a4e4dcbecb7ee3ddb8ba6883e09add5556f73e45bd6536e04b552bbffad8ef 3357 cups_2.4.7-1.dsc
 dd54228dd903526428ce7e37961afaed230ad310788141da75cebaa08362cf6c 8134809 cups_2.4.7.orig.tar.gz
 4a5f7d06dd1255248c0718111b86c8c40e56990c9c7ec497f4190d933e0691a4 228 cups_2.4.7.orig.tar.gz.asc
 8609ef2edd3f5142fb1dd3f6ae7a323b1a952a4a49cb3ae04aa7f31ef4f1bc75 383284 cups_2.4.7-1.debian.tar.xz
 75374e7a994ed757e71eeafba5daed63bd4966122c0ace02bfa7b025a85736b6 13522 cups_2.4.7-1_amd64.buildinfo
Files:
 d127d7414d397282312dabf9ea7b3c69 3357 net optional cups_2.4.7-1.dsc
 e0a5ddbf53dfad41da26fc1ef60b2256 8134809 net optional cups_2.4.7.orig.tar.gz
 aa1ef89b6837bf5742d0517c61dbe8d7 228 net optional cups_2.4.7.orig.tar.gz.asc
 176916b932730693d819bc6d68995d4f 383284 net optional cups_2.4.7-1.debian.tar.xz
 a151a50a14e07b7ec61bc6a7ec6bc882 13522 net optional cups_2.4.7-1_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQKnBAEBCgCRFiEEYgH7/9u94Hgi6ruWlvysDTh7WEcFAmUh3MZfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDYy
MDFGQkZGREJCREUwNzgyMkVBQkI5Njk2RkNBQzBEMzg3QjU4NDcTHGRlYmlhbkBh
bHRlaG9sei5kZQAKCRCW/KwNOHtYRwtaD/0RKUaUqgm//CZEZfRxvp7sra300U5U
sBCUcEwjL4NsLKks14EQpqt17zVsWQ34TWTA6wQ2m1zrp/z8hG5MiZQbna0yG1Ye
8cG7XK7EBkQZdimu+nsmBspMrfnuUpGEt4VOi8yN4qkVP2SvT/NV7bQd5L5d7upx
pOWNykuBFQDynanE4ZiFflG1IsbZVZAuaDMdV9jB5b2wzCCkE0r+eQBv+MaqlbpV
MWjw+1U411L3BKJmsj1GJSfb4LS4qjLpyhLC6LeLnM+RLR2P9D0/O12Z7FAo40yo
xR06k1s44lxjSXxvMlGqZkD3rleBrdTK5GJbz5/BKmXtBirg1hz0A4SxDChJNV3N
KBd8zruJ9WUxD+d13QMykmGpi/HAoVoP7jo27WVhAQPT3wlr6SiytqUIBE1EzU9T
jnFge8dezve7SP/QAKL5vDMXtNJq0qt/xrgwqrDpB/0J0XIfpy9qdtGxillU40/v
bSrC/jUtabcrttocXquzLVlHip375tNp+oTFK4Vki9xUKRzHaHsVUSg6EdDdzTnO
oGq0jbZOCnRnCA1GEG+ZSoI2flBHDT2hyvGo7F6LXl8+i6c3KyyyUyB3WtFpRdLo
aqB9wIIGtAKOhtogUD001XYEXC0mGpHsJdcfJUvD4nAR4qwrCJWJqfqBr25TDpRA
3ZOL1n51WHWuIQ==
=uG+d
-----END PGP SIGNATURE-----

Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Fri, 10 Nov 2023 07:29:06 GMT) (full text, mbox, link).

Send a report that this bug log contains spam.

Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Mon Nov 17 23:29:08 2025; Machine Name: bembo

Debian Bug tracking system

Debbugs is free software and licensed under the terms of the GNU General Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.

Debian Bug report logs - #1009146 cups Segmentation fault

Debian Bug report logs - #1009146
cups Segmentation fault