19276003 problem in UTILITY/CUPS s11-update
author Mohana Rao Gorai <mohana.gorai@oracle.com>
Mon, 13 Oct 2014 00:04:02 -0700
branch s11-update
changeset 3387 37e41c9fcb4f
parent 3386 b15e4a637bbd
child 3391 e5c18bd08e0d
19276003 problem in UTILITY/CUPS
components/cups/patches/str4356.patch
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/components/cups/patches/str4356.patch	Mon Oct 13 00:04:02 2014 -0700
@@ -0,0 +1,21 @@
+See : http://www.cups.org/str.php?L4356 for details.
+
+Index: scheduler/client.c
+===================================================================
+--- scheduler/client.c
++++ scheduler/client.c
[email protected]@ -4251,6 +4251,14 @@
+     return (0);
+ 
+  /*
++  * Check for "<" or quotes in the path and reject since this is probably
++  * someone trying to inject HTML...
++  */
++
++  if (strchr(path, '<') != NULL || strchr(path, '\"') != NULL || strchr(path, '\'') != NULL)
++    return (0);
++
++ /*
+   * Check for "/.." in the path...
+   */
+
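Review bot: the added test in scheduler/client.c, `if (strchr(path, '<') != NULL || strchr(path, '\"') != NULL || strchr(path, '\'') != NULL)`, is a three-character denylist applied to `path` as it stands, and nothing in the hunk shows whether `path` has already been percent-decoded at this point; if it has not, encoded forms of these characters would not match and the check would be skipped for them. Please confirm the check runs on the decoded path, and document in the patch header that it is defence in depth alongside HTML-escaping wherever the path is written into a response, since `>` and `&` are not covered. Minor style: the added comment opener `+ /*` ahead of the "/.." check is indented one space where the surrounding comment uses two, and `'\"'` can be written as `'"'`.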