From ffa8801644a7d53cc1c785e3450f794c07a14eb0 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=B6rg=20Frings-F=C3=BCrst?= <debian@jff-webhosting.net>
Date: Sun, 2 Feb 2020 17:13:01 +0100
Subject: New upstream version 1.0.29

---
 backend/gt68xx.c | 32 +++++++++++++++++++++-----------
 1 file changed, 21 insertions(+), 11 deletions(-)

(limited to 'backend/gt68xx.c')

diff --git a/backend/gt68xx.c b/backend/gt68xx.c
index fb3bfb4..00190fe 100644
--- a/backend/gt68xx.c
+++ b/backend/gt68xx.c
@@ -752,7 +752,7 @@ init_options (GT68xx_Scanner * s)
 
   /* calibration needed */
   s->opt[OPT_NEED_CALIBRATION_SW].name = "need-calibration";
-  s->opt[OPT_NEED_CALIBRATION_SW].title = SANE_I18N ("Need calibration");
+  s->opt[OPT_NEED_CALIBRATION_SW].title = SANE_I18N ("Needs calibration");
   s->opt[OPT_NEED_CALIBRATION_SW].desc = SANE_I18N ("The scanner needs calibration for the current settings");
   s->opt[OPT_NEED_CALIBRATION_SW].type = SANE_TYPE_BOOL;
   s->opt[OPT_NEED_CALIBRATION_SW].unit = SANE_UNIT_NONE;
@@ -947,25 +947,30 @@ download_firmware_file (GT68xx_Device * dev)
   if (strncmp (dev->model->firmware_name, PATH_SEP, 1) != 0)
     {
       /* probably filename only */
-      snprintf (filename, PATH_MAX, "%s%s%s%s%s%s%s",
+      snprintf (filename, sizeof(filename), "%s%s%s%s%s%s%s",
                 STRINGIFY (PATH_SANE_DATA_DIR),
                 PATH_SEP, "sane", PATH_SEP, "gt68xx", PATH_SEP,
                 dev->model->firmware_name);
-      snprintf (dirname, PATH_MAX, "%s%s%s%s%s",
+      snprintf (dirname, sizeof(dirname), "%s%s%s%s%s",
                 STRINGIFY (PATH_SANE_DATA_DIR),
                 PATH_SEP, "sane", PATH_SEP, "gt68xx");
-      strncpy (basename, dev->model->firmware_name, PATH_MAX);
+      strncpy (basename, dev->model->firmware_name, sizeof(basename) - 1);
+      basename[sizeof(basename) - 1] = '\0';
     }
   else
     {
       /* absolute path */
       char *pos;
-      strncpy (filename, dev->model->firmware_name, PATH_MAX);
-      strncpy (dirname, dev->model->firmware_name, PATH_MAX);
+      strncpy (filename, dev->model->firmware_name, sizeof(filename) - 1);
+      filename[sizeof(filename) - 1] = '\0';
+      strncpy (dirname, dev->model->firmware_name, sizeof(dirname) - 1);
+      dirname[sizeof(dirname) - 1] = '\0';
+
       pos = strrchr (dirname, PATH_SEP[0]);
       if (pos)
         pos[0] = '\0';
-      strncpy (basename, pos + 1, PATH_MAX);
+      strncpy (basename, pos + 1, sizeof(basename) - 1);
+      basename[sizeof(basename) - 1] = '\0';
     }
 
   /* first, try to open with exact case */
@@ -994,11 +999,16 @@ download_firmware_file (GT68xx_Device * dev)
             {
               direntry = readdir (dir);
               if (direntry
-                  && (strncasecmp (direntry->d_name, basename, PATH_MAX) ==
-                      0))
+                  && (strncasecmp (direntry->d_name, basename, PATH_MAX) == 0))
                 {
-                  snprintf (filename, PATH_MAX, "%s%s%s",
-                            dirname, PATH_SEP, direntry->d_name);
+                  int len = snprintf (filename, sizeof(filename), "%s%s%s",
+                                      dirname, PATH_SEP, direntry->d_name);
+                  if ((len < 0) || (len >= (int) sizeof(filename)))
+                    {
+                      DBG (5, "download_firmware: filepath `%s%s%s' too long\n",
+                           dirname, PATH_SEP, direntry->d_name);
+                      status = SANE_STATUS_INVAL;
+                    }
                   break;
                 }
             }
-- 
cgit v1.2.3