upstream/oracle/userland-gate: components/cups/patches/str4356.patch@cca72467a46d (annotated)

2108 6145b31310ca 19276003 problem in UTILITY/CUPS Mohana Rao Gorai <mohana.gorai@oracle.com> parents: diff changeset	1	See : http://www.cups.org/str.php?L4356 for details.
6145b31310ca 19276003 problem in UTILITY/CUPS Mohana Rao Gorai <mohana.gorai@oracle.com> parents: diff changeset	2
6145b31310ca 19276003 problem in UTILITY/CUPS Mohana Rao Gorai <mohana.gorai@oracle.com> parents: diff changeset	3	Index: scheduler/client.c
6145b31310ca 19276003 problem in UTILITY/CUPS Mohana Rao Gorai <mohana.gorai@oracle.com> parents: diff changeset	4	===================================================================
6145b31310ca 19276003 problem in UTILITY/CUPS Mohana Rao Gorai <mohana.gorai@oracle.com> parents: diff changeset	5	--- scheduler/client.c
6145b31310ca 19276003 problem in UTILITY/CUPS Mohana Rao Gorai <mohana.gorai@oracle.com> parents: diff changeset	6	+++ scheduler/client.c
6145b31310ca 19276003 problem in UTILITY/CUPS Mohana Rao Gorai <mohana.gorai@oracle.com> parents: diff changeset	7	@@ -4251,6 +4251,14 @@
6145b31310ca 19276003 problem in UTILITY/CUPS Mohana Rao Gorai <mohana.gorai@oracle.com> parents: diff changeset	8	return (0);
6145b31310ca 19276003 problem in UTILITY/CUPS Mohana Rao Gorai <mohana.gorai@oracle.com> parents: diff changeset	9
6145b31310ca 19276003 problem in UTILITY/CUPS Mohana Rao Gorai <mohana.gorai@oracle.com> parents: diff changeset	10	/*
6145b31310ca 19276003 problem in UTILITY/CUPS Mohana Rao Gorai <mohana.gorai@oracle.com> parents: diff changeset	11	+ * Check for "<" or quotes in the path and reject since this is probably
6145b31310ca 19276003 problem in UTILITY/CUPS Mohana Rao Gorai <mohana.gorai@oracle.com> parents: diff changeset	12	+ * someone trying to inject HTML...
6145b31310ca 19276003 problem in UTILITY/CUPS Mohana Rao Gorai <mohana.gorai@oracle.com> parents: diff changeset	13	+ */
6145b31310ca 19276003 problem in UTILITY/CUPS Mohana Rao Gorai <mohana.gorai@oracle.com> parents: diff changeset	14	+
6145b31310ca 19276003 problem in UTILITY/CUPS Mohana Rao Gorai <mohana.gorai@oracle.com> parents: diff changeset	15	+ if (strchr(path, '<') != NULL \|\| strchr(path, '\"') != NULL \|\| strchr(path, '\'') != NULL)
6145b31310ca 19276003 problem in UTILITY/CUPS Mohana Rao Gorai <mohana.gorai@oracle.com> parents: diff changeset	16	+ return (0);
6145b31310ca 19276003 problem in UTILITY/CUPS Mohana Rao Gorai <mohana.gorai@oracle.com> parents: diff changeset	17	+
6145b31310ca 19276003 problem in UTILITY/CUPS Mohana Rao Gorai <mohana.gorai@oracle.com> parents: diff changeset	18	+ /*
6145b31310ca 19276003 problem in UTILITY/CUPS Mohana Rao Gorai <mohana.gorai@oracle.com> parents: diff changeset	19	* Check for "/.." in the path...
6145b31310ca 19276003 problem in UTILITY/CUPS Mohana Rao Gorai <mohana.gorai@oracle.com> parents: diff changeset	20	*/
6145b31310ca 19276003 problem in UTILITY/CUPS Mohana Rao Gorai <mohana.gorai@oracle.com> parents: diff changeset	21

author	Stefan Teleman <stefan.teleman@oracle.com>
	Tue, 17 Mar 2015 19:06:56 -0700
changeset 3966	cca72467a46d
parent 2108	6145b31310ca
permissions	-rw-r--r--