components/cups/patches/CVE-2014-8166.patch
author Niveditha Rau <Niveditha.Rau@Oracle.COM>
Thu, 16 Feb 2017 16:13:13 -0800
changeset 7685 a7ec984d7d4c
parent 4334 e30c463e2895
permissions -rw-r--r--
25564905 incorrect permissions on some desktop component deliveries in /usr/lib

Source:
http://openwall.com/lists/oss-security/2015/03/24/2

diff -up cups-1.4.2/scheduler/dirsvc.c.ansi cups-1.4.2/scheduler/dirsvc.c
--- scheduler/dirsvc.c.ansi	2014-07-09 13:15:37.087313176 +0100
+++ scheduler/dirsvc.c	2014-07-09 13:25:51.415720934 +0100
@@ -3288,6 +3288,11 @@ process_browse_data(
   if (hptr && !*hptr)
     *hptr = '.';			/* Resource FQDN */
 
+  if (!cupsdValidateName(name)) {
+    cupsdLogMessage(CUPSD_LOG_DEBUG, "process_browse_data: invalid name...");
+    return;
+  }
+
   if ((p = cupsdFindDest(name)) == NULL && BrowseShortNames)
   {
    /*
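Review bot: The rejection path added in `process_browse_data` logs only at `CUPSD_LOG_DEBUG` with a fixed string, so a host sending browse packets with malformed names leaves no trace at normal log levels. Consider a level visible by default, for example `cupsdLogMessage(CUPSD_LOG_WARN, "process_browse_data: rejected browse packet with invalid printer name");`, plus the sender's address if this function has it; the signature is outside the hunk. Keep the raw `name` out of the message, since it is the untrusted value that just failed validation. Only `name` is checked here; whether other strings from the same packet need similar filtering cannot be judged from this hunk, and the function body continues past it.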
diff -up cups-1.4.2/scheduler/ipp.c.ansi cups-1.4.2/scheduler/ipp.c
--- scheduler/ipp.c.ansi	2014-07-09 13:13:41.878674069 +0100
+++ scheduler/ipp.c	2014-07-09 13:20:03.451790768 +0100
@@ -98,8 +98,6 @@
  *   url_encode_string()         - URL-encode a string.
  *   user_allowed()              - See if a user is allowed to print to a queue.
  *   validate_job()              - Validate printer options and destination.
- *   validate_name()             - Make sure the printer name only contains
- *                                 valid chars.
  *   validate_user()             - Validate the user for the request.
  */
 
@@ -248,7 +246,6 @@ static void	url_encode_attr(ipp_attribut
 static char	*url_encode_string(const char *s, char *buffer, int bufsize);
 static int	user_allowed(cupsd_printer_t *p, const char *username);
 static void	validate_job(cupsd_client_t *con, ipp_attribute_t *uri);
-static int	validate_name(const char *name);
 static int	validate_user(cupsd_job_t *job, cupsd_client_t *con,
 		              const char *owner, char *username,
 		              int userlen);
@@ -985,7 +982,7 @@ add_class(cupsd_client_t  *con,		/* I -
   * Do we have a valid printer name?
   */
 
-  if (!validate_name(resource + 9))
+  if (!cupsdValidateName(resource + 9))
   {
    /*
     * No, return an error...
@@ -2577,7 +2574,7 @@ add_printer(cupsd_client_t  *con,	/* I -
   * Do we have a valid printer name?
   */
 
-  if (!validate_name(resource + 10))
+  if (!cupsdValidateName(resource + 10))
   {
    /*
     * No, return an error...
@@ -11842,32 +11839,6 @@ validate_job(cupsd_client_t  *con,	/* I
 }
 
 
-/*
- * 'validate_name()' - Make sure the printer name only contains valid chars.
- */
-
-static int			/* O - 0 if name is no good, 1 if good */
-validate_name(const char *name)	/* I - Name to check */
-{
-  const char	*ptr;		/* Pointer into name */
-
-
- /*
-  * Scan the whole name...
-  */
-
-  for (ptr = name; *ptr; ptr ++)
-    if ((*ptr > 0 && *ptr <= ' ') || *ptr == 127 || *ptr == '/' || *ptr == '#')
-      return (0);
-
- /*
-  * All the characters are good; validate the length, too...
-  */
-
-  return ((ptr - name) < 128);
-}
-
-
 /*
  * 'validate_user()' - Validate the user for the request.
  */
diff -up cups-1.4.2/scheduler/printers.c.ansi cups-1.4.2/scheduler/printers.c
--- scheduler/printers.c.ansi	2014-07-09 13:15:28.635266291 +0100
+++ scheduler/printers.c	2014-07-09 13:19:59.450768573 +0100
@@ -38,6 +38,8 @@
  *   cupsdUpdatePrinterPPD()    - Update keywords in a printer's PPD file.
  *   cupsdUpdatePrinters()      - Update printers after a partial reload.
  *   cupsdValidateDest()        - Validate a printer/class destination.
+ *   cupsdValidateName()        - Make sure the printer name only contains
+ *                                valid chars.
  *   cupsdWritePrintcap()       - Write a pseudo-printcap file for older
  *                                applications that need it...
  *   add_printer_defaults()     - Add name-default attributes to the printer
@@ -3265,6 +3267,32 @@ cupsdValidateDest(
 }
 
 
+/*
+ * 'cupsdValidateName()' - Make sure the printer name only contains valid chars.
+ */
+
+int			/* O - 0 if name is no good, 1 if good */
+cupsdValidateName(const char *name)	/* I - Name to check */
+{
+  const char	*ptr;		/* Pointer into name */
+
+
+ /*
+  * Scan the whole name...
+  */
+
+  for (ptr = name; *ptr; ptr ++)
+    if ((*ptr > 0 && *ptr <= ' ') || *ptr == 127 || *ptr == '/' || *ptr == '#')
+      return (0);
+
+ /*
+  * All the characters are good; validate the length, too...
+  */
+
+  return ((ptr - name) < 128);
+}
+
+
 /*
  * 'cupsdWritePrintcap()' - Write a pseudo-printcap file for older applications
  *                          that need it...
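Review bot: `cupsdValidateName()` rejects only bytes 0x01–0x20, 0x7F, `/` and `#`, so every byte at or above 0x80 is accepted whether `char` is signed or unsigned. That keeps UTF-8 names working, but it also means a validated name is not safe to write raw to a terminal or log, because 8-bit C1 control codes pass the check. The header comment should say so, for example `/* Rejects ASCII controls, space, DEL, '/' and '#', and names of 128 bytes or more; bytes >= 0x80 are accepted, so callers must still escape names on output. */`. The function also dereferences `name` without a NULL check, which is fine only if every caller guarantees a non-NULL string; the new browse-data caller's guarantee is not visible on this page.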
diff -up cups-1.4.2/scheduler/printers.h.ansi cups-1.4.2/scheduler/printers.h
--- scheduler/printers.h.ansi	2014-07-09 13:14:09.982829975 +0100
+++ scheduler/printers.h	2014-07-09 13:17:38.719987911 +0100
@@ -175,6 +175,7 @@ extern cupsd_quota_t	*cupsdUpdateQuota(c
 extern const char	*cupsdValidateDest(const char *uri,
 			        	   cups_ptype_t *dtype,
 					   cupsd_printer_t **printer);
+extern int		cupsdValidateName(const char *name);
 extern void		cupsdWritePrintcap(void);