From 062d1b76c54865ab08aaa38de4f099e463555d2e Mon Sep 17 00:00:00 2001 From: Zdenek Dohnal Date: Mon, 1 Feb 2021 14:34:02 +0100 Subject: [PATCH] 1909980 - cupsd crashes on parsing malformed Brother PPD --- ...ether-option-variable-exists-or-not-.patch | 35 +++++++++++++++++++ cups.spec | 7 ++++ 2 files changed, 42 insertions(+) create mode 100644 0001-Add-check-for-whether-option-variable-exists-or-not-.patch diff --git a/0001-Add-check-for-whether-option-variable-exists-or-not-.patch b/0001-Add-check-for-whether-option-variable-exists-or-not-.patch new file mode 100644 index 0000000..f93498d --- /dev/null +++ b/0001-Add-check-for-whether-option-variable-exists-or-not-.patch @@ -0,0 +1,35 @@ +From 96a6f61db6eb0fc450e00168903b795c57b033cb Mon Sep 17 00:00:00 2001 +From: = +Date: Sat, 23 Jan 2021 00:44:09 +0530 +Subject: [PATCH] Add check for whether 'option' variable exists or not for + closeUI and JCLCloseUI lines in ppd.c + +--- + cups/ppd.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/cups/ppd.c b/cups/ppd.c +index ae411cb3a..a82c8a584 100644 +--- a/cups/ppd.c ++++ b/cups/ppd.c +@@ -1496,7 +1496,7 @@ _ppdOpen( + goto error; + } + +- if (!_cups_strcasecmp(option->defchoice, "custom") || !_cups_strncasecmp(option->defchoice, "custom.", 7)) ++ if (option && (!_cups_strcasecmp(option->defchoice, "custom") || !_cups_strncasecmp(option->defchoice, "custom.", 7))) + { + /* + * "*DefaultOption: Custom..." may set the default to a custom value +@@ -1531,7 +1531,7 @@ _ppdOpen( + goto error; + } + +- if (!_cups_strcasecmp(option->defchoice, "custom") || !_cups_strncasecmp(option->defchoice, "custom.", 7)) ++ if (option && (!_cups_strcasecmp(option->defchoice, "custom") || !_cups_strncasecmp(option->defchoice, "custom.", 7))) + { + /* + * "*DefaultOption: Custom..." may set the default to a custom value +-- +2.26.2 + diff --git a/cups.spec b/cups.spec index 1a1a338..63b0bd3 100644 --- a/cups.spec +++ b/cups.spec @@ -75,6 +75,9 @@ Patch1000: cve-2020-10001-ippReadIO-buffer.patch # help.cgi segfaulted because it compared NULL in strcmp() # backported from upstream https://github.com/OpenPrinting/cups/pull/81 Patch1001: cups-helpcgi-segfault.patch +# 1909980 - cupsd crashes on parsing malformed Brother PPD +# backported from upstream https://github.com/OpenPrinting/cups/pull/78 +Patch1002: 0001-Add-check-for-whether-option-variable-exists-or-not-.patch ##### Patches removed because IMHO they aren't no longer needed ##### but still I'll leave them in git in case their removal @@ -279,6 +282,9 @@ to CUPS daemon. This solution will substitute printer drivers and raw queues in %patch1000 -p1 -b .cve2020-10001 # 1921881 - [abrt] cups: __strcmp_avx2(): help.cgi killed by SIGSEGV %patch1001 -p1 -b .helpcgi-segfault +# 1909980 - cupsd crashes on parsing malformed Brother PPD +%patch1002 -p1 -b .malformed-ppd-crash + %if %{lspp} @@ -689,6 +695,7 @@ rm -f %{cups_serverbin}/backend/smb - fix for CVE-2020-10001 - recommend nss-mdns for Fedora to have a working default for now - 1921881 - [abrt] cups: __strcmp_avx2(): help.cgi killed by SIGSEGV +- 1909980 - cupsd crashes on parsing malformed Brother PPD * Thu Jan 28 2021 Zdenek Dohnal - 1:2.3.3op1-3 - remove nss-mdns dependency - let the user decide whether use resolved or nss-mdns