1 Source: |
2 http://openwall.com/lists/oss-security/2015/03/24/2 |
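--- a/scheduler/dirsvc.c
+++ b/scheduler/dirsvc.c
@@ -3288,6 +3288,11 @@ process_browse_data(
 if (hptr && !*hptr)
 *hptr = '.'; /* Resource FQDN */
 
+ if (!cupsdValidateName(name)) {
+ cupsdLogMessage(CUPSD_LOG_DEBUG, "process_browse_data: invalid name...");
+ return;
+ }
+
 if ((p = cupsdFindDest(name)) == NULL && BrowseShortNames)
 {
 /*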
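Review bot: The new rejection path in process_browse_data logs a fixed string at CUPSD_LOG_DEBUG, so a browse packet dropped for an invalid name leaves no trace at normal log levels and nothing that identifies where it came from. Keeping the raw name out of the log is right, since it has just failed validation, but the message could carry the sender's address if one is in scope here (the function's parameters and the code that builds `name` are outside the hunk). The brace placement also differs from the surrounding code, which puts `{` on its own line as in the `if ((p = cupsdFindDest(name)) == NULL && BrowseShortNames)` block that follows; writing `if (!cupsdValidateName(name))` with `{` on the next line would match.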
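--- a/scheduler/ipp.c
+++ b/scheduler/ipp.c
@@ -98,8 +98,6 @@
 * url_encode_string() - URL-encode a string.
 * user_allowed() - See if a user is allowed to print to a queue.
 * validate_job() - Validate printer options and destination.
- * validate_name() - Make sure the printer name only contains
- * valid chars.
 * validate_user() - Validate the user for the request.
 */
 
@@ -248,7 +246,6 @@ static void url_encode_attr(ipp_attribut
 static char *url_encode_string(const char *s, char *buffer, int bufsize);
 static int user_allowed(cupsd_printer_t *p, const char *username);
 static void validate_job(cupsd_client_t *con, ipp_attribute_t *uri);
-static int validate_name(const char *name);
 static int validate_user(cupsd_job_t *job, cupsd_client_t *con,
 const char *owner, char *username,
 int userlen);
@@ -985,7 +982,7 @@ add_class(cupsd_client_t *con, /* I -
 * Do we have a valid printer name?
 */
 
- if (!validate_name(resource + 9))
+ if (!cupsdValidateName(resource + 9))
 {
 /*
 * No, return an error...
@@ -2577,7 +2574,7 @@ add_printer(cupsd_client_t *con, /* I -
 * Do we have a valid printer name?
 */
 
- if (!validate_name(resource + 10))
+ if (!cupsdValidateName(resource + 10))
 {
 /*
 * No, return an error...
@@ -11842,32 +11839,6 @@ validate_job(cupsd_client_t *con, /* I
 }
 
 
-/*
- * 'validate_name()' - Make sure the printer name only contains valid chars.
- */
-
-static int /* O - 0 if name is no good, 1 if good */
-validate_name(const char *name) /* I - Name to check */
-{
- const char *ptr; /* Pointer into name */
-
-
- /*
- * Scan the whole name...
- */
-
- for (ptr = name; *ptr; ptr ++)
- if ((*ptr > 0 && *ptr <= ' ') || *ptr == 127 || *ptr == '/' || *ptr == '#')
- return (0);
-
- /*
- * All the characters are good; validate the length, too...
- */
-
- return ((ptr - name) < 128);
-}
-
-
 /*
 * 'validate_user()' - Validate the user for the request.
 */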
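--- a/scheduler/printers.c
+++ b/scheduler/printers.c
@@ -38,6 +38,8 @@
 * cupsdUpdatePrinterPPD() - Update keywords in a printer's PPD file.
 * cupsdUpdatePrinters() - Update printers after a partial reload.
 * cupsdValidateDest() - Validate a printer/class destination.
+ * cupsdValidateName() - Make sure the printer name only contains
+ * valid chars.
 * cupsdWritePrintcap() - Write a pseudo-printcap file for older
 * applications that need it...
 * add_printer_defaults() - Add name-default attributes to the printer
@@ -3265,6 +3267,32 @@ cupsdValidateDest(
 }
 
 
+/*
+ * 'cupsdValidateName()' - Make sure the printer name only contains valid chars.
+ */
+
+int /* O - 0 if name is no good, 1 if good */
+cupsdValidateName(const char *name) /* I - Name to check */
+{
+ const char *ptr; /* Pointer into name */
+
+
+ /*
+ * Scan the whole name...
+ */
+
+ for (ptr = name; *ptr; ptr ++)
+ if ((*ptr > 0 && *ptr <= ' ') || *ptr == 127 || *ptr == '/' || *ptr == '#')
+ return (0);
+
+ /*
+ * All the characters are good; validate the length, too...
+ */
+
+ return ((ptr - name) < 128);
+}
+
+
 /*
 * 'cupsdWritePrintcap()' - Write a pseudo-printcap file for older applications
 * that need it...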
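Review bot: cupsdValidateName() as added in the second hunk returns 1 for an empty string and passes every byte above 0x7F, because the loop rejects only 0x01-0x20, 0x7F, `/` and `#` and the final test is just `(ptr - name) < 128`. The function is now exported and the dirsvc.c change calls it on the name used in process_browse_data, so its contract should be explicit rather than inherited from a file-local helper. Unless an empty name is meant to be accepted, I would change the return to `return (ptr > name && (ptr - name) < 128);`. The header comment should also say that non-ASCII bytes are not checked for valid UTF-8 or for control characters, so callers that write a name to a log or a terminal still need to escape it, and that `name` must not be NULL since it is dereferenced without a check.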
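--- a/scheduler/printers.h
+++ b/scheduler/printers.h
@@ -175,6 +175,7 @@ extern cupsd_quota_t *cupsdUpdateQuota(c
 extern const char *cupsdValidateDest(const char *uri,
 cups_ptype_t *dtype,
 cupsd_printer_t **printer);
+extern int cupsdValidateName(const char *name);
 extern void cupsdWritePrintcap(void);
 
 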