[sane-devel] [BUG] saned: missing input sanitization

Henning Meier-Geinitz henning@meier-geinitz.de
Sat, 16 Oct 2004 15:48:19 +0200


On Fri, Oct 15, 2004 at 03:47:40PM +0200, Johannes Berg wrote:
> SANE_NET_OPEN makes saned segfault if a NULL name is passed, because it
> tries to strdup() the name without checking for != NULL.

I've added a check to CVS. It returns an error to the client because I
think that's a protocol violation. Zero-length strings are allowed for
sane_open but not NULL-pointers.

Could you check if that works and doesn't create any new bugs?