Red Hat Bugzilla – Attachment 916761 Details for
Bug 1084577
CVE-2014-8166 cups: code execution via unescape ANSI escape sequences
[patch]
untested patch
cups-ansi.patch (text/plain), 4.72 KB, created by
Tim Waugh
on 2014-07-09 12:41:35 UTC
Description:
untested patch
Filename:
MIME Type:
Creator:
Tim Waugh
Created:
2014-07-09 12:41:35 UTC
Size:
4.72 KB
patch
obsolete
>diff -up cups-1.4.2/scheduler/dirsvc.c.ansi cups-1.4.2/scheduler/dirsvc.c
>--- cups-1.4.2/scheduler/dirsvc.c.ansi 2014-07-09 13:15:37.087313176 +0100
>+++ cups-1.4.2/scheduler/dirsvc.c 2014-07-09 13:25:51.415720934 +0100
>@@ -3288,6 +3288,11 @@ process_browse_data(
> if (hptr && !*hptr)
> *hptr = '.'; /* Resource FQDN */
>
>+ if (!cupsdValidateName(name)) {
>+ cupsdLogMessage(CUPSD_LOG_DEBUG, "process_browse_data: invalid name...");
>+ return;
>+ }
>+
> if ((p = cupsdFindDest(name)) == NULL && BrowseShortNames)
> {
> /*
>diff -up cups-1.4.2/scheduler/ipp.c.ansi cups-1.4.2/scheduler/ipp.c
>--- cups-1.4.2/scheduler/ipp.c.ansi 2014-07-09 13:13:41.878674069 +0100
>+++ cups-1.4.2/scheduler/ipp.c 2014-07-09 13:20:03.451790768 +0100
>@@ -98,8 +98,6 @@
> * url_encode_string() - URL-encode a string.
> * user_allowed() - See if a user is allowed to print to a queue.
> * validate_job() - Validate printer options and destination.
>- * validate_name() - Make sure the printer name only contains
>- * valid chars.
> * validate_user() - Validate the user for the request.
> */
>
>@@ -248,7 +246,6 @@ static void url_encode_attr(ipp_attribut
> static char *url_encode_string(const char *s, char *buffer, int bufsize);
> static int user_allowed(cupsd_printer_t *p, const char *username);
> static void validate_job(cupsd_client_t *con, ipp_attribute_t *uri);
>-static int validate_name(const char *name);
> static int validate_user(cupsd_job_t *job, cupsd_client_t *con,
> const char *owner, char *username,
> int userlen);
>@@ -985,7 +982,7 @@ add_class(cupsd_client_t *con, /* I -
> * Do we have a valid printer name?
> */
>
>- if (!validate_name(resource + 9))
>+ if (!cupsdValidateName(resource + 9))
> {
> /*
> * No, return an error...
>@@ -2577,7 +2574,7 @@ add_printer(cupsd_client_t *con, /* I -
> * Do we have a valid printer name?
> */
>
>- if (!validate_name(resource + 10))
>+ if (!cupsdValidateName(resource + 10))
> {
> /*
> * No, return an error...
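Review bot: In the dirsvc.c hunk the rejection of a browse packet with an invalid name is logged only at `CUPSD_LOG_DEBUG` with the fixed text "invalid name...", so at a default log level an operator gets no record that a peer sent a malformed name. Since this check is the security fix, I would log at a higher level and describe the event without echoing the raw name (which would carry the rejected control bytes into the log), e.g. `cupsdLogMessage(CUPSD_LOG_WARN, "process_browse_data: rejected browse packet with invalid printer name");`. The added `if (...) {` also puts the brace on the same line, unlike the brace-on-its-own-line style of the surrounding context. process_browse_data starts and ends outside the hunk, so whether other packet-supplied strings handled there need the same validation cannot be judged from here.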
>@@ -11842,32 +11839,6 @@ validate_job(cupsd_client_t *con, /* I
> }
>
>
>-/*
>- * 'validate_name()' - Make sure the printer name only contains valid chars.
>- */
>-
>-static int /* O - 0 if name is no good, 1 if good */
>-validate_name(const char *name) /* I - Name to check */
>-{
>- const char *ptr; /* Pointer into name */
>-
>-
>- /*
>- * Scan the whole name...
>- */
>-
>- for (ptr = name; *ptr; ptr ++)
>- if ((*ptr > 0 && *ptr <= ' ') || *ptr == 127 || *ptr == '/' || *ptr == '#')
>- return (0);
>-
>- /*
>- * All the characters are good; validate the length, too...
>- */
>-
>- return ((ptr - name) < 128);
>-}
>-
>-
> /*
> * 'validate_user()' - Validate the user for the request.
> */
>diff -up cups-1.4.2/scheduler/printers.c.ansi cups-1.4.2/scheduler/printers.c
>--- cups-1.4.2/scheduler/printers.c.ansi 2014-07-09 13:15:28.635266291 +0100
>+++ cups-1.4.2/scheduler/printers.c 2014-07-09 13:19:59.450768573 +0100
>@@ -38,6 +38,8 @@
> * cupsdUpdatePrinterPPD() - Update keywords in a printer's PPD file.
> * cupsdUpdatePrinters() - Update printers after a partial reload.
> * cupsdValidateDest() - Validate a printer/class destination.
>+ * cupsdValidateName() - Make sure the printer name only contains
>+ * valid chars.
> * cupsdWritePrintcap() - Write a pseudo-printcap file for older
> * applications that need it...
> * add_printer_defaults() - Add name-default attributes to the printer
>@@ -3265,6 +3267,32 @@ cupsdValidateDest(
> }
>
>
>+/*
>+ * 'cupsdValidateName()' - Make sure the printer name only contains valid chars.
>+ */
>+
>+int /* O - 0 if name is no good, 1 if good */
>+cupsdValidateName(const char *name) /* I - Name to check */
>+{
>+ const char *ptr; /* Pointer into name */
>+
>+
>+ /*
>+ * Scan the whole name...
>+ */
>+
>+ for (ptr = name; *ptr; ptr ++)
>+ if ((*ptr > 0 && *ptr <= ' ') || *ptr == 127 || *ptr == '/' || *ptr == '#')
>+ return (0);
>+
>+ /*
>+ * All the characters are good; validate the length, too...
>+ */
>+
>+ return ((ptr - name) < 128);
>+}
>+
>+
> /*
> * 'cupsdWritePrintcap()' - Write a pseudo-printcap file for older applications
> * that need it...
>diff -up cups-1.4.2/scheduler/printers.h.ansi cups-1.4.2/scheduler/printers.h
>--- cups-1.4.2/scheduler/printers.h.ansi 2014-07-09 13:14:09.982829975 +0100
>+++ cups-1.4.2/scheduler/printers.h 2014-07-09 13:17:38.719987911 +0100
>@@ -175,6 +175,7 @@ extern cupsd_quota_t *cupsdUpdateQuota(c
> extern const char *cupsdValidateDest(const char *uri,
> cups_ptype_t *dtype,
> cupsd_printer_t **printer);
>+extern int cupsdValidateName(const char *name);
> extern void cupsdWritePrintcap(void);
>
>
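Review bot: In the printers.c hunk, cupsdValidateName() is moved unchanged but now also filters names taken from browse packets, and its loop only rejects bytes 0x01–0x20, 0x7f, '/' and '#': every byte with the high bit set passes, whichever signedness `char` has. That is presumably deliberate so UTF-8 names keep working, but it means C1 control codes (U+0080–U+009F, which some terminals interpret as control sequences) are not covered; a byte-wise reject would break UTF-8 continuation bytes, so this needs either a check on decoded code points or escaping where the name is printed. At minimum the header comment should state the contract, for example `Rejects ASCII control characters, space, DEL, '/' and '#', and names of 128 bytes or more; bytes >= 0x80 are not checked.` The function also dereferences `name` without a NULL check, so the new caller in dirsvc.c should be confirmed never to pass NULL.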