$NetBSD: patch-bb,v 1.6 2010/06/16 21:15:18 sbd Exp $

Incorporate str3577.patch from
http://www.cups.org/str.php?L3577
"Memory disclosure in CUPS with admin URLs"

--- cgi-bin/var.c.orig	2010-02-08 17:33:31.000000000 +0000
+++ cgi-bin/var.c
@@ -927,6 +927,9 @@ cgi_initialize_string(const char *data)	
 	    * Read the hex code...
 	    */
 
+	    if (!isxdigit(data[1] & 255) || !isxdigit(data[2] & 255))
+		return (0);
+
             if (s < (value + sizeof(value) - 1))
 	    {
               data ++;