upstream/oracle/userland-gate: components/cups/patches/str4356.patch@800060d48040 (annotated)

3389 b77a52ff5cfd 19276003 problem in UTILITY/CUPS Mohana Rao Gorai <mohana.gorai@oracle.com> parents: diff changeset	1	See : http://www.cups.org/str.php?L4356 for details.
b77a52ff5cfd 19276003 problem in UTILITY/CUPS Mohana Rao Gorai <mohana.gorai@oracle.com> parents: diff changeset	2
b77a52ff5cfd 19276003 problem in UTILITY/CUPS Mohana Rao Gorai <mohana.gorai@oracle.com> parents: diff changeset	3	Index: scheduler/client.c
b77a52ff5cfd 19276003 problem in UTILITY/CUPS Mohana Rao Gorai <mohana.gorai@oracle.com> parents: diff changeset	4	===================================================================
b77a52ff5cfd 19276003 problem in UTILITY/CUPS Mohana Rao Gorai <mohana.gorai@oracle.com> parents: diff changeset	5	--- scheduler/client.c
b77a52ff5cfd 19276003 problem in UTILITY/CUPS Mohana Rao Gorai <mohana.gorai@oracle.com> parents: diff changeset	6	+++ scheduler/client.c
b77a52ff5cfd 19276003 problem in UTILITY/CUPS Mohana Rao Gorai <mohana.gorai@oracle.com> parents: diff changeset	7	@@ -4251,6 +4251,14 @@
b77a52ff5cfd 19276003 problem in UTILITY/CUPS Mohana Rao Gorai <mohana.gorai@oracle.com> parents: diff changeset	8	return (0);
b77a52ff5cfd 19276003 problem in UTILITY/CUPS Mohana Rao Gorai <mohana.gorai@oracle.com> parents: diff changeset	9
b77a52ff5cfd 19276003 problem in UTILITY/CUPS Mohana Rao Gorai <mohana.gorai@oracle.com> parents: diff changeset	10	/*
b77a52ff5cfd 19276003 problem in UTILITY/CUPS Mohana Rao Gorai <mohana.gorai@oracle.com> parents: diff changeset	11	+ * Check for "<" or quotes in the path and reject since this is probably
b77a52ff5cfd 19276003 problem in UTILITY/CUPS Mohana Rao Gorai <mohana.gorai@oracle.com> parents: diff changeset	12	+ * someone trying to inject HTML...
b77a52ff5cfd 19276003 problem in UTILITY/CUPS Mohana Rao Gorai <mohana.gorai@oracle.com> parents: diff changeset	13	+ */
b77a52ff5cfd 19276003 problem in UTILITY/CUPS Mohana Rao Gorai <mohana.gorai@oracle.com> parents: diff changeset	14	+
b77a52ff5cfd 19276003 problem in UTILITY/CUPS Mohana Rao Gorai <mohana.gorai@oracle.com> parents: diff changeset	15	+ if (strchr(path, '<') != NULL \|\| strchr(path, '\"') != NULL \|\| strchr(path, '\'') != NULL)
b77a52ff5cfd 19276003 problem in UTILITY/CUPS Mohana Rao Gorai <mohana.gorai@oracle.com> parents: diff changeset	16	+ return (0);
b77a52ff5cfd 19276003 problem in UTILITY/CUPS Mohana Rao Gorai <mohana.gorai@oracle.com> parents: diff changeset	17	+
b77a52ff5cfd 19276003 problem in UTILITY/CUPS Mohana Rao Gorai <mohana.gorai@oracle.com> parents: diff changeset	18	+ /*
b77a52ff5cfd 19276003 problem in UTILITY/CUPS Mohana Rao Gorai <mohana.gorai@oracle.com> parents: diff changeset	19	* Check for "/.." in the path...
b77a52ff5cfd 19276003 problem in UTILITY/CUPS Mohana Rao Gorai <mohana.gorai@oracle.com> parents: diff changeset	20	*/
b77a52ff5cfd 19276003 problem in UTILITY/CUPS Mohana Rao Gorai <mohana.gorai@oracle.com> parents: diff changeset	21

author	Tomas Klacko <tomas.klacko@oracle.com>
	Mon, 16 Mar 2015 06:37:48 -0700
branch	s11u2-sru
changeset 3949	800060d48040
parent 3389	b77a52ff5cfd
permissions	-rw-r--r--