Source:
http://openwall.com/lists/oss-security/2015/03/24/2
diff -up cups-1.4.2/scheduler/dirsvc.c.ansi cups-1.4.2/scheduler/dirsvc.c
--- scheduler/dirsvc.c.ansi 2014-07-09 13:15:37.087313176 +0100
+++ scheduler/dirsvc.c 2014-07-09 13:25:51.415720934 +0100
@@ -3288,6 +3288,11 @@ process_browse_data(
if (hptr && !*hptr)
*hptr = '.'; /* Resource FQDN */
+ if (!cupsdValidateName(name)) {
+ cupsdLogMessage(CUPSD_LOG_DEBUG, "process_browse_data: invalid name...");
+ return;
+ }
+
if ((p = cupsdFindDest(name)) == NULL && BrowseShortNames)
{
/*
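Review bot: The rejection added before `cupsdFindDest(name)` is logged at `CUPSD_LOG_DEBUG` with a fixed string, so unless debug logging is enabled nothing records that a browse packet carried an invalid name, or where it came from. Because this name arrives from the network, I would log at a level operators normally keep, e.g. `cupsdLogMessage(CUPSD_LOG_WARN, "process_browse_data: rejecting browse packet with invalid destination name");`, and add the sending host if one is in scope (the function's parameters are outside the hunk). Do not echo `name` itself with a plain `%s`, since it has just failed a check for control characters and would carry them into the log file. The body of process_browse_data continues outside the hunk; if `name` is also built in a second, parallel branch there, that branch needs the same check.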
diff -up cups-1.4.2/scheduler/ipp.c.ansi cups-1.4.2/scheduler/ipp.c
--- scheduler/ipp.c.ansi 2014-07-09 13:13:41.878674069 +0100
+++ scheduler/ipp.c 2014-07-09 13:20:03.451790768 +0100
@@ -98,8 +98,6 @@
* url_encode_string() - URL-encode a string.
* user_allowed() - See if a user is allowed to print to a queue.
* validate_job() - Validate printer options and destination.
- * validate_name() - Make sure the printer name only contains
- * valid chars.
* validate_user() - Validate the user for the request.
*/
@@ -248,7 +246,6 @@ static void url_encode_attr(ipp_attribut
static char *url_encode_string(const char *s, char *buffer, int bufsize);
static int user_allowed(cupsd_printer_t *p, const char *username);
static void validate_job(cupsd_client_t *con, ipp_attribute_t *uri);
-static int validate_name(const char *name);
static int validate_user(cupsd_job_t *job, cupsd_client_t *con,
const char *owner, char *username,
int userlen);
@@ -985,7 +982,7 @@ add_class(cupsd_client_t *con, /* I -
* Do we have a valid printer name?
*/
- if (!validate_name(resource + 9))
+ if (!cupsdValidateName(resource + 9))
{
/*
* No, return an error...
@@ -2577,7 +2574,7 @@ add_printer(cupsd_client_t *con, /* I -
* Do we have a valid printer name?
*/
- if (!validate_name(resource + 10))
+ if (!cupsdValidateName(resource + 10))
{
/*
* No, return an error...
@@ -11842,32 +11839,6 @@ validate_job(cupsd_client_t *con, /* I
}
-/*
- * 'validate_name()' - Make sure the printer name only contains valid chars.
- */
-
-static int /* O - 0 if name is no good, 1 if good */
-validate_name(const char *name) /* I - Name to check */
-{
- const char *ptr; /* Pointer into name */
-
-
- /*
- * Scan the whole name...
- */
-
- for (ptr = name; *ptr; ptr ++)
- if ((*ptr > 0 && *ptr <= ' ') || *ptr == 127 || *ptr == '/' || *ptr == '#')
- return (0);
-
- /*
- * All the characters are good; validate the length, too...
- */
-
- return ((ptr - name) < 128);
-}
-
-
/*
* 'validate_user()' - Validate the user for the request.
*/
diff -up cups-1.4.2/scheduler/printers.c.ansi cups-1.4.2/scheduler/printers.c
--- scheduler/printers.c.ansi 2014-07-09 13:15:28.635266291 +0100
+++ scheduler/printers.c 2014-07-09 13:19:59.450768573 +0100
@@ -38,6 +38,8 @@
* cupsdUpdatePrinterPPD() - Update keywords in a printer's PPD file.
* cupsdUpdatePrinters() - Update printers after a partial reload.
* cupsdValidateDest() - Validate a printer/class destination.
+ * cupsdValidateName() - Make sure the printer name only contains
+ * valid chars.
* cupsdWritePrintcap() - Write a pseudo-printcap file for older
* applications that need it...
* add_printer_defaults() - Add name-default attributes to the printer
@@ -3265,6 +3267,32 @@ cupsdValidateDest(
}
+/*
+ * 'cupsdValidateName()' - Make sure the printer name only contains valid chars.
+ */
+
+int /* O - 0 if name is no good, 1 if good */
+cupsdValidateName(const char *name) /* I - Name to check */
+{
+ const char *ptr; /* Pointer into name */
+
+
+ /*
+ * Scan the whole name...
+ */
+
+ for (ptr = name; *ptr; ptr ++)
+ if ((*ptr > 0 && *ptr <= ' ') || *ptr == 127 || *ptr == '/' || *ptr == '#')
+ return (0);
+
+ /*
+ * All the characters are good; validate the length, too...
+ */
+
+ return ((ptr - name) < 128);
+}
+
+
/*
* 'cupsdWritePrintcap()' - Write a pseudo-printcap file for older applications
* that need it...
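Review bot: cupsdValidateName() now also gates names taken from browse packets, but its loop only rejects bytes 1–32, 127, `/` and `#`; any byte with the high bit set gets through the `*ptr > 0` test whether `char` is signed or unsigned, so non-ASCII bytes are accepted without checking that they form valid UTF-8. An empty string also returns 1, because `(ptr - name) < 128` holds for length 0, and a NULL `name` is dereferenced by the loop. If empty names are not meant to be valid, `if (!name || !*name) return (0);` before the loop covers both cases. The high-byte case needs either a UTF-8 validity check or a comment stating that callers must escape names before displaying or logging them. The header comment should also list the rejected characters and the 127-byte limit, since the function is now exported through printers.h.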
diff -up cups-1.4.2/scheduler/printers.h.ansi cups-1.4.2/scheduler/printers.h
--- scheduler/printers.h.ansi 2014-07-09 13:14:09.982829975 +0100
+++ scheduler/printers.h 2014-07-09 13:17:38.719987911 +0100
@@ -175,6 +175,7 @@ extern cupsd_quota_t *cupsdUpdateQuota(c
extern const char *cupsdValidateDest(const char *uri,
cups_ptype_t *dtype,
cupsd_printer_t **printer);
+extern int cupsdValidateName(const char *name);
extern void cupsdWritePrintcap(void);