From 58912f68c2489bcee787599837447e0d64dfd61a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=B6rg=20Frings-F=C3=BCrst?= <debian@jff-webhosting.net>
Date: Wed, 24 May 2017 21:03:56 +0200
Subject: New upstream version 1.0.27

---
 backend/as6e.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'backend/as6e.c')

diff --git a/backend/as6e.c b/backend/as6e.c
index 0fb9e31..76241fb 100644
--- a/backend/as6e.c
+++ b/backend/as6e.c
@@ -576,8 +576,8 @@ as6e_open (AS6E_Scan * s)
 	    execlp ("as6edriver", "as6edriver", "-s", inpipe_desc,
 		    outpipe_desc, datapipe_desc, (char *) 0);
 	  DBG (1, "The SANE backend was unable to start \"as6edriver\".\n");
-	  DBG (1, "This must be installed in a driectory in your PATH.\n");
-	  DBG (1, "To aquire the as6edriver program,\n");
+	  DBG (1, "This must be installed in a directory in your PATH.\n");
+	  DBG (1, "To acquire the as6edriver program,\n");
 	  DBG (1, "go to http://as6edriver.sourceforge.net.\n");
 	  write (ctlinpipe[WRITEPIPE], &exec_result, sizeof (exec_result));
 	  exit (-1);
-- 
cgit v1.2.3


From 1687222e1b9e74c89cafbb5910e72d8ec7bfd40f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=B6rg=20Frings-F=C3=BCrst?= <debian@jff-webhosting.net>
Date: Wed, 31 Jul 2019 16:59:49 +0200
Subject: New upstream version 1.0.28

---
 backend/as6e.c | 30 +++++++++++++++++++-----------
 1 file changed, 19 insertions(+), 11 deletions(-)

(limited to 'backend/as6e.c')

diff --git a/backend/as6e.c b/backend/as6e.c
index 76241fb..37a6d3b 100644
--- a/backend/as6e.c
+++ b/backend/as6e.c
@@ -799,7 +799,7 @@ check_for_driver (const char *devname)
   char *path;
   char fullname[NAMESIZE];
   char dir[NAMESIZE];
-  int count = 0, offset = 0;
+  int count = 0, offset = 0, valid;
 
   path = getenv ("PATH");
   if (!path)
@@ -808,21 +808,29 @@ check_for_driver (const char *devname)
     {
       memset (fullname, '\0', sizeof (fullname));
       memset (dir, '\0', sizeof (dir));
+      valid = 1;
       while ((path[count] != ':') && (path[count] != '\0'))
 	{
-	  dir[count - offset] = path[count];
+	  /* prevent writing data, which are out of bounds */
+	  if ((unsigned int)(count - offset) < sizeof (dir))
+	    dir[count - offset] = path[count];
+	  else
+	    valid = 0;
 	  count++;
 	}
-      /* use sizeof(fullname)-1 to make sure there is at least one padded null byte */
-      strncpy (fullname, dir, sizeof(fullname)-1);
-      /* take into account that fullname already contains non-null bytes */
-      strncat (fullname, "/", sizeof(fullname)-strlen(fullname)-1);
-      strncat (fullname, devname, sizeof(fullname)-strlen(fullname)-1);
-      if (!stat (fullname, &statbuf))
+	if (valid == 1)
 	{
-	  modes = statbuf.st_mode;
-	  if (S_ISREG (modes))
-	    return (1);		/* found as6edriver */
+        /* use sizeof(fullname)-1 to make sure there is at least one padded null byte */
+        strncpy (fullname, dir, sizeof(fullname)-1);
+        /* take into account that fullname already contains non-null bytes */
+        strncat (fullname, "/", sizeof(fullname)-strlen(fullname)-1);
+        strncat (fullname, devname, sizeof(fullname)-strlen(fullname)-1);
+        if (!stat (fullname, &statbuf))
+	  {
+	    modes = statbuf.st_mode;
+	    if (S_ISREG (modes))
+	      return (1);		/* found as6edriver */
+	  }
 	}
       if (path[count] == '\0')
 	return (0);		/* end of path --no driver found */
-- 
cgit v1.2.3


From ffa8801644a7d53cc1c785e3450f794c07a14eb0 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=B6rg=20Frings-F=C3=BCrst?= <debian@jff-webhosting.net>
Date: Sun, 2 Feb 2020 17:13:01 +0100
Subject: New upstream version 1.0.29

---
 backend/as6e.c | 28 +++++++++++++---------------
 1 file changed, 13 insertions(+), 15 deletions(-)

(limited to 'backend/as6e.c')

diff --git a/backend/as6e.c b/backend/as6e.c
index 37a6d3b..47d8c90 100644
--- a/backend/as6e.c
+++ b/backend/as6e.c
@@ -797,7 +797,6 @@ check_for_driver (const char *devname)
   struct stat statbuf;
   mode_t modes;
   char *path;
-  char fullname[NAMESIZE];
   char dir[NAMESIZE];
   int count = 0, offset = 0, valid;
 
@@ -806,7 +805,6 @@ check_for_driver (const char *devname)
     return 0;
   while (path[count] != '\0')
     {
-      memset (fullname, '\0', sizeof (fullname));
       memset (dir, '\0', sizeof (dir));
       valid = 1;
       while ((path[count] != ':') && (path[count] != '\0'))
@@ -819,19 +817,19 @@ check_for_driver (const char *devname)
 	  count++;
 	}
 	if (valid == 1)
-	{
-        /* use sizeof(fullname)-1 to make sure there is at least one padded null byte */
-        strncpy (fullname, dir, sizeof(fullname)-1);
-        /* take into account that fullname already contains non-null bytes */
-        strncat (fullname, "/", sizeof(fullname)-strlen(fullname)-1);
-        strncat (fullname, devname, sizeof(fullname)-strlen(fullname)-1);
-        if (!stat (fullname, &statbuf))
-	  {
-	    modes = statbuf.st_mode;
-	    if (S_ISREG (modes))
-	      return (1);		/* found as6edriver */
-	  }
-	}
+          {
+            char fullname[NAMESIZE];
+            int len = snprintf(fullname, sizeof(fullname), "%s/%s", dir, devname);
+            if ((len > 0) && (len <= (int)sizeof(fullname)))
+              {
+                if (!stat (fullname, &statbuf))
+                  {
+                    modes = statbuf.st_mode;
+                    if (S_ISREG (modes))
+                      return (1);		/* found as6edriver */
+                  }
+              }
+          }
       if (path[count] == '\0')
 	return (0);		/* end of path --no driver found */
       count++;
-- 
cgit v1.2.3