epson2: fixed network transport for new scanners

increased command buffer due to a memory overrun, and always read the receive
    status, even for zero length on network scanners, should fix #315552
merge-requests/1/head
René Rebe 2017-05-05 07:05:30 +02:00 zatwierdzone przez René Rebe
rodzic 6ffeb90973
commit 5b10b0b635
4 zmienionych plików z 39 dodań i 31 usunięć


@ -113,32 +113,37 @@ ssize_t
e2_recv(Epson_Scanner *s, void *buf, ssize_t buf_size,
SANE_Status *status)
{
ssize_t n = 0;
ssize_t n = buf_size; /* network interface needs to read header back even data is 0.*/
DBG(15, "%s: size = %ld, buf = %p\n", __func__, (long) buf_size, buf);
*status = SANE_STATUS_GOOD;
if (s->hw->connection == SANE_EPSON_NET) {
n = sanei_epson_net_read(s, buf, buf_size, status);
} else if (s->hw->connection == SANE_EPSON_SCSI) {
n = sanei_epson2_scsi_read(s->fd, buf, buf_size, status);
if (buf_size)
n = sanei_epson2_scsi_read(s->fd, buf, buf_size, status);
} else if (s->hw->connection == SANE_EPSON_PIO) {
if (buf_size ==
(n = sanei_pio_read(s->fd, buf, (size_t) buf_size)))
*status = SANE_STATUS_GOOD;
else
*status = SANE_STATUS_INVAL;
if (buf_size) {
if (buf_size ==
(n = sanei_pio_read(s->fd, buf, (size_t) buf_size)))
*status = SANE_STATUS_GOOD;
else
*status = SANE_STATUS_INVAL;
}
} else if (s->hw->connection == SANE_EPSON_USB) {
/* !!! only report an error if we don't read anything */
n = buf_size; /* buf_size gets overwritten */
*status =
sanei_usb_read_bulk(s->fd, (SANE_Byte *) buf,
(size_t *) & n);
r_cmd_count += (n + 63) / 64; /* add # of packets, rounding up */
DBG(20, "%s: cmd count, r = %d, w = %d\n",
__func__, r_cmd_count, w_cmd_count);
if (n) {
*status =
sanei_usb_read_bulk(s->fd, (SANE_Byte *) buf,
(size_t *) & n);
r_cmd_count += (n + 63) / 64; /* add # of packets, rounding up */
DBG(20, "%s: cmd count, r = %d, w = %d\n",
__func__, r_cmd_count, w_cmd_count);
if (n > 0)
*status = SANE_STATUS_GOOD;
if (n > 0)
*status = SANE_STATUS_GOOD;
}
}
if (n < buf_size) {
@ -170,18 +175,23 @@ e2_txrx(Epson_Scanner * s, unsigned char *txbuf, size_t txlen,
unsigned char *rxbuf, size_t rxlen)
{
SANE_Status status;
size_t done;
e2_send(s, txbuf, txlen, rxlen, &status);
done = e2_send(s, txbuf, txlen, rxlen, &status);
if (status != SANE_STATUS_GOOD) {
DBG(1, "%s: tx err, %s\n", __func__, sane_strstatus(status));
return status;
}
if (done != txlen) {
DBG(1, "%s: tx err, short write\n", __func__);
return SANE_STATUS_IO_ERROR;
}
e2_recv(s, rxbuf, rxlen, &status);
if (status != SANE_STATUS_GOOD) {
DBG(1, "%s: rx err, %s\n", __func__, sane_strstatus(status));
}
DBG(1, "%s: eds_recv status, %s\n", __func__, sane_strstatus(status));
return status;
}
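Review bot: The new initialiser `ssize_t n = buf_size;` in e2_recv means that if `s->hw->connection` ever holds a value outside the four handled branches, the function falls through with n == buf_size and `*status` still SANE_STATUS_GOOD, so the `if (n < buf_size)` check after the chain no longer catches it and the caller would parse an untouched buffer as a full read. The NET branch assigns n itself, so the initialiser is not needed for the case the comment describes; keeping `ssize_t n = 0;` or adding a final `else { n = 0; *status = SANE_STATUS_INVAL; }` keeps the function fail-closed. The same applies to `size_t n = length;` in eds_recv in a later file section. Separately, the added `DBG(1, "%s: eds_recv status, %s\n", ...)` in e2_txrx names the wrong function and logs at level 1 on every call, including success. e2_recv continues past the end of its hunk.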


@ -133,7 +133,7 @@ static SANE_Status esci2_cmd(epsonds_scanner* s,
{
SANE_Status status;
unsigned int more;
char header[12], rbuf[64];
char header[13], rbuf[64]; /* add one more byte for header buffer to correct buffer overflow issue,*/
DBG(8, "%s: %4s len %lu, payload len: %lu\n", __func__, cmd, len, plen);
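Review bot: Growing `header` from 12 to 13 bytes changes the size but leaves the write that overran it unbounded; that write is outside this hunk, presumably a formatting call that needs room for a terminating NUL. I would bound it at the call site, e.g. `snprintf(header, sizeof(header), ...)` with the return value checked for truncation, and replace the trailing comment with one that states the layout, such as `/* 12-byte command header + NUL */` if that is what the size means. The `buf[65]` change in sane_start in the last file section has the same shape and deserves the same treatment. esci2_cmd starts and ends outside the hunk.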


@ -65,21 +65,23 @@ size_t eds_send(epsonds_scanner *s, void *buf, size_t length, SANE_Status *statu
size_t eds_recv(epsonds_scanner *s, void *buf, size_t length, SANE_Status *status)
{
size_t n = 0;
size_t n = length; /* network interface needs to read header back even data is 0.*/
DBG(30, "%s: size = %ld, buf = %p\n", __func__, (long) length, buf);
*status = SANE_STATUS_GOOD;
if (s->hw->connection == SANE_EPSONDS_NET) {
n = epsonds_net_read(s, buf, length, status);
} else if (s->hw->connection == SANE_EPSONDS_USB) {
/* !!! only report an error if we don't read anything */
n = length;
*status = sanei_usb_read_bulk(s->fd, (SANE_Byte *)buf,
(size_t *) &n);
if (n > 0)
*status = SANE_STATUS_GOOD;
if (n) {
*status = sanei_usb_read_bulk(s->fd, (SANE_Byte *)buf,
(size_t *) &n);
if (n > 0)
*status = SANE_STATUS_GOOD;
}
}
if (n < length) {
@ -111,10 +113,6 @@ SANE_Status eds_txrx(epsonds_scanner* s, char *txbuf, size_t txlen,
return SANE_STATUS_IO_ERROR;
}
if (rxlen == 0) {
return status;
}
done = eds_recv(s, rxbuf, rxlen, &status);
if (status != SANE_STATUS_GOOD) {
DBG(1, "%s: rx err, %s\n", __func__, sane_strstatus(status));
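Review bot: With the `if (rxlen == 0) return status;` guard removed from eds_txrx, eds_recv is now reached with length 0 and whatever rxbuf the caller passed, and on the NET path that goes straight into `epsonds_net_read(s, buf, length, status)`. If any caller passes a NULL rxbuf together with rxlen 0, epsonds_net_read has to tolerate that, which cannot be confirmed from this hunk. A short comment at the call, e.g. `/* rxlen may be 0: the network transport still has to read the reply header */`, would record why the guard was dropped. The `(size_t *) &n` cast in eds_recv is redundant because n is already size_t. eds_txrx continues outside the hunk.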


@ -1178,7 +1178,7 @@ SANE_Status
sane_start(SANE_Handle handle)
{
epsonds_scanner *s = (epsonds_scanner *)handle;
char buf[64];
char buf[65]; /* add one more byte to correct buffer overflow issue */
char cmd[100]; /* take care not to overflow */
SANE_Status status = 0;