http://bugzilla.novell.com/show_bug.cgi?id=447444
User vuntz@novell.com added comment
http://bugzilla.novell.com/show_bug.cgi?id=447444#c6
--- Comment #6 from Vincent Untz
This is since I see inlining problems here which you probably cant filter out all. This is due to the internal parsing of CUPS' config-files inside cups itself.
config-files are parsed line by line, by reading in a buffer of 1024 (or HTTPMAX_BUFFER, depending whether it reads config or printers file etc.) bytes. For cups after this chunk a new line begins. No matter of \n. So imagine if you submit a config-tag that has junk until 1024th byte, you can add a "Include" or any other evil option to it which will receive cups-config-parser like it was entered in a new line. So, in effect, even though you corretly filter out \n characters via g_ascii_isprint(), you have the chance to 'fake' cups a newline and arbitrary config-options.
Ah, good to know. We could certainly limit the size to 256 characters, eg. The only case where I can really imagine this be a limitation is for properties which include a "reason" (like when putting a job on hold). But 256 characters is still a lot... Don't know if that would be enough for you? -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.