19276003 problem in UTILITY/CUPS s11u2-sru
authorMohana Rao Gorai <mohana.gorai@oracle.com>
Mon, 13 Oct 2014 02:16:00 -0700
branchs11u2-sru
changeset 3389 b77a52ff5cfd
parent 3388 68cefdb716e2
child 3390 b1b8d4b96c7f
19276003 problem in UTILITY/CUPS
components/cups/patches/str4356.patch
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/components/cups/patches/str4356.patch	Mon Oct 13 02:16:00 2014 -0700
@@ -0,0 +1,21 @@
+See : http://www.cups.org/str.php?L4356 for details.
+
+Index: scheduler/client.c
+===================================================================
+--- scheduler/client.c
++++ scheduler/client.c
[email protected]@ -4251,6 +4251,14 @@
+     return (0);
+ 
+  /*
++  * Check for "<" or quotes in the path and reject since this is probably
++  * someone trying to inject HTML...
++  */
++
++  if (strchr(path, '<') != NULL || strchr(path, '\"') != NULL || strchr(path, '\'') != NULL)
++    return (0);
++
++ /*
+   * Check for "/.." in the path...
+   */
+