rpms/cups
3
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

- CVE-2007-4045 patch is not necessarily because cupsd_client_t objects are

Browse Source 
not moved in array operations, only pointers to them.
This commit is contained in:
Tim Waugh 2007-11-30 09:22:14 +00:00
parent b0dd15a49e
commit 3caba5fe91
2 changed files with 4 additions and 48 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

46
cups-CVE-2007-4045.patch
View File

@ -1,46 +0,0 @@
diff -up cups-1.3.4/scheduler/client.c.CVE-2007-4045 cups-1.3.4/scheduler/client.c
--- cups-1.3.4/scheduler/client.c.CVE-2007-4045 2007-11-07 21:11:58.000000000 +0000
+++ cups-1.3.4/scheduler/client.c 2007-11-07 21:13:26.000000000 +0000
@@ -114,6 +114,25 @@ static int write_file(cupsd_client_t *c
static void write_pipe(cupsd_client_t *con);
+void
+_cupsdFixClientsBIO(void)
+{
+#ifdef HAVE_LIBSSL
+ cupsd_client_t *c;
+ BIO *bio;
+ cupsArraySave (Clients);
+ for (c = (cupsd_client_t *)cupsArrayFirst(Clients);
+ c;
+ c = (cupsd_client_t *)cupsArrayNext(Clients))
+ {
+ if (c->http.tls)
+ BIO_ctrl(SSL_get_wbio(c->http.tls), BIO_C_SET_FILE_PTR, 0, (char *)HTTP(c));
+ }
+ cupsArrayRestore (Clients);
+#endif
+}
+
+
/*
* 'cupsdAcceptClient()' - Accept a new client.
*/
@@ -451,6 +470,7 @@ cupsdAcceptClient(cupsd_listener_t *lis)
}
cupsArrayAdd(Clients, con);
+ _cupsdFixClientsBIO();
cupsdLogMessage(CUPSD_LOG_DEBUG2,
"cupsdAcceptClient: %d connected to server on %s:%d",
@@ -735,6 +755,7 @@ cupsdCloseClient(cupsd_client_t *con) /*
*/
cupsArrayRemove(Clients, con);
+ _cupsdFixClientsBIO();
free(con);
}
diff -up cups-1.3.4/scheduler/main.c.CVE-2007-4045 cups-1.3.4/scheduler/main.c

6
cups.spec
View File

@ -45,7 +45,6 @@ Patch20: cups-getpass.patch
Patch21: cups-driverd-timeout.patch Patch21: cups-driverd-timeout.patch
Patch25: cups-usb-paperout.patch Patch25: cups-usb-paperout.patch
Patch26: cups-CVE-2007-4352,5392,5393.patch Patch26: cups-CVE-2007-4352,5392,5393.patch
Patch27: cups-CVE-2007-4045.patch
Patch100: cups-lspp.patch Patch100: cups-lspp.patch
Epoch: 1 Epoch: 1
Url: http://www.cups.org/ Url: http://www.cups.org/
@ -157,7 +156,6 @@ lpd emulation.
%patch21 -p1 -b .driverd-timeout %patch21 -p1 -b .driverd-timeout
%patch25 -p1 -b .usb-paperout %patch25 -p1 -b .usb-paperout
%patch26 -p1 -b .CVE-2007-4352,5392,5393 %patch26 -p1 -b .CVE-2007-4352,5392,5393
%patch27 -p1 -b .CVE-2007-4045
%if %lspp %if %lspp
%patch100 -p1 -b .lspp %patch100 -p1 -b .lspp
@ -449,6 +447,10 @@ rm -rf $RPM_BUILD_ROOT
%{cups_serverbin}/daemon/cups-lpd %{cups_serverbin}/daemon/cups-lpd
%changelog %changelog
* Fri Nov 30 2007 Tim Waugh <twaugh@redhat.com>
- CVE-2007-4045 patch is not necessarily because cupsd_client_t objects are
not moved in array operations, only pointers to them.
* Tue Nov 27 2007 Tim Waugh <twaugh@redhat.com> * Tue Nov 27 2007 Tim Waugh <twaugh@redhat.com>
- Updated to improved dnssd backend from Till Kamppeter. - Updated to improved dnssd backend from Till Kamppeter.