Mercurial Mercurial > upstream > oracle > userland-gate / changeset
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
20761796 problem in UTILITY/CUPS
authorJiri Sasek <Jiri.Sasek@Oracle.COM>
Thu, 16 Apr 2015 05:10:57 -0700
changeset 4334 e30c463e2895
parent 4332 feeaeac8a97c
child 4335 c46151b4a238
20761796 problem in UTILITY/CUPS
components/cups/patches/CVE-2014-8166.patch file | annotate | diff | comparison | revisions 
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/components/cups/patches/CVE-2014-8166.patch	Thu Apr 16 05:10:57 2015 -0700
@@ -0,0 +1,145 @@
+Source:
+http://openwall.com/lists/oss-security/2015/03/24/2
+
+diff -up cups-1.4.2/scheduler/dirsvc.c.ansi cups-1.4.2/scheduler/dirsvc.c
+--- scheduler/dirsvc.c.ansi	2014-07-09 13:15:37.087313176 +0100
++++ scheduler/dirsvc.c	2014-07-09 13:25:51.415720934 +0100
+@@ -3288,6 +3288,11 @@ process_browse_data(
+   if (hptr && !*hptr)
+     *hptr = '.';			/* Resource FQDN */
+ 
++  if (!cupsdValidateName(name)) {
++    cupsdLogMessage(CUPSD_LOG_DEBUG, "process_browse_data: invalid name...");
++    return;
++  }
++
+   if ((p = cupsdFindDest(name)) == NULL && BrowseShortNames)
+   {
+    /*
+diff -up cups-1.4.2/scheduler/ipp.c.ansi cups-1.4.2/scheduler/ipp.c
+--- scheduler/ipp.c.ansi	2014-07-09 13:13:41.878674069 +0100
++++ scheduler/ipp.c	2014-07-09 13:20:03.451790768 +0100
+@@ -98,8 +98,6 @@
+  *   url_encode_string()         - URL-encode a string.
+  *   user_allowed()              - See if a user is allowed to print to a queue.
+  *   validate_job()              - Validate printer options and destination.
+- *   validate_name()             - Make sure the printer name only contains
+- *                                 valid chars.
+  *   validate_user()             - Validate the user for the request.
+  */
+ 
+@@ -248,7 +246,6 @@ static void	url_encode_attr(ipp_attribut
+ static char	*url_encode_string(const char *s, char *buffer, int bufsize);
+ static int	user_allowed(cupsd_printer_t *p, const char *username);
+ static void	validate_job(cupsd_client_t *con, ipp_attribute_t *uri);
+-static int	validate_name(const char *name);
+ static int	validate_user(cupsd_job_t *job, cupsd_client_t *con,
+ 		              const char *owner, char *username,
+ 		              int userlen);
+@@ -985,7 +982,7 @@ add_class(cupsd_client_t  *con,		/* I -
+   * Do we have a valid printer name?
+   */
+ 
+-  if (!validate_name(resource + 9))
++  if (!cupsdValidateName(resource + 9))
+   {
+    /*
+     * No, return an error...
+@@ -2577,7 +2574,7 @@ add_printer(cupsd_client_t  *con,	/* I -
+   * Do we have a valid printer name?
+   */
+ 
+-  if (!validate_name(resource + 10))
++  if (!cupsdValidateName(resource + 10))
+   {
+    /*
+     * No, return an error...
+@@ -11842,32 +11839,6 @@ validate_job(cupsd_client_t  *con,	/* I
+ }
+ 
+ 
+-/*
+- * 'validate_name()' - Make sure the printer name only contains valid chars.
+- */
+-
+-static int			/* O - 0 if name is no good, 1 if good */
+-validate_name(const char *name)	/* I - Name to check */
+-{
+-  const char	*ptr;		/* Pointer into name */
+-
+-
+- /*
+-  * Scan the whole name...
+-  */
+-
+-  for (ptr = name; *ptr; ptr ++)
+-    if ((*ptr > 0 && *ptr <= ' ') || *ptr == 127 || *ptr == '/' || *ptr == '#')
+-      return (0);
+-
+- /*
+-  * All the characters are good; validate the length, too...
+-  */
+-
+-  return ((ptr - name) < 128);
+-}
+-
+-
+ /*
+  * 'validate_user()' - Validate the user for the request.
+  */
+diff -up cups-1.4.2/scheduler/printers.c.ansi cups-1.4.2/scheduler/printers.c
+--- scheduler/printers.c.ansi	2014-07-09 13:15:28.635266291 +0100
++++ scheduler/printers.c	2014-07-09 13:19:59.450768573 +0100
+@@ -38,6 +38,8 @@
+  *   cupsdUpdatePrinterPPD()    - Update keywords in a printer's PPD file.
+  *   cupsdUpdatePrinters()      - Update printers after a partial reload.
+  *   cupsdValidateDest()        - Validate a printer/class destination.
++ *   cupsdValidateName()        - Make sure the printer name only contains
++ *                                valid chars.
+  *   cupsdWritePrintcap()       - Write a pseudo-printcap file for older
+  *                                applications that need it...
+  *   add_printer_defaults()     - Add name-default attributes to the printer
+@@ -3265,6 +3267,32 @@ cupsdValidateDest(
+ }
+ 
+ 
++/*
++ * 'cupsdValidateName()' - Make sure the printer name only contains valid chars.
++ */
++
++int			/* O - 0 if name is no good, 1 if good */
++cupsdValidateName(const char *name)	/* I - Name to check */
++{
++  const char	*ptr;		/* Pointer into name */
++
++
++ /*
++  * Scan the whole name...
++  */
++
++  for (ptr = name; *ptr; ptr ++)
++    if ((*ptr > 0 && *ptr <= ' ') || *ptr == 127 || *ptr == '/' || *ptr == '#')
++      return (0);
++
++ /*
++  * All the characters are good; validate the length, too...
++  */
++
++  return ((ptr - name) < 128);
++}
++
++
+ /*
+  * 'cupsdWritePrintcap()' - Write a pseudo-printcap file for older applications
+  *                          that need it...
+diff -up cups-1.4.2/scheduler/printers.h.ansi cups-1.4.2/scheduler/printers.h
+--- scheduler/printers.h.ansi	2014-07-09 13:14:09.982829975 +0100
++++ scheduler/printers.h	2014-07-09 13:17:38.719987911 +0100
+@@ -175,6 +175,7 @@ extern cupsd_quota_t	*cupsdUpdateQuota(c
+ extern const char	*cupsdValidateDest(const char *uri,
+ 			        	   cups_ptype_t *dtype,
+ 					   cupsd_printer_t **printer);
++extern int		cupsdValidateName(const char *name);
+ extern void		cupsdWritePrintcap(void);
+ 
+
upstream/oracle/userland-gate