rpms/cups
3
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fix for CVE-2017-18248 (#1561296)

Browse Source
This commit is contained in:
Pavel Zhukov 2018-03-28 17:36:13 +02:00
parent 64bfa2dc8a
commit 86ced0c193
2 changed files with 61 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

54
cups-delete_invalid_attrs.patch Normal file
View File

@ -0,0 +1,54 @@
diff --git a/scheduler/ipp.c b/scheduler/ipp.c
index 02dc392..0fc2d07 100644
--- a/scheduler/ipp.c
+++ b/scheduler/ipp.c
@@ -1615,15 +1615,30 @@
_("Bad job-name value: Wrong type or count."));
if ((attr = ippCopyAttribute(con->response, attr, 0)) != NULL)
attr->group_tag = IPP_TAG_UNSUPPORTED_GROUP;
+
+ if (StrictConformance)
return (NULL);
+
+ /* Don't use invalid attribute */
+ ippDeleteAttribute(con->request, attr);
+
+ ippAddString(con->request, IPP_TAG_JOB, IPP_TAG_NAME, "job-name", NULL, "Untitled");
}
else if (!ippValidateAttribute(attr))
{
send_ipp_status(con, IPP_ATTRIBUTES, _("Bad job-name value: %s"),
cupsLastErrorString());
+
if ((attr = ippCopyAttribute(con->response, attr, 0)) != NULL)
attr->group_tag = IPP_TAG_UNSUPPORTED_GROUP;
+
+ if (StrictConformance)
return (NULL);
+
+ /* Don't use invalid attribute */
+ ippDeleteAttribute(con->request, attr);
+
+ ippAddString(con->request, IPP_TAG_JOB, IPP_TAG_NAME, "job-name", NULL, "Untitled");
}
attr = ippFindAttribute(con->request, "requesting-user-name", IPP_TAG_NAME);
@@ -1631,9 +1646,17 @@ add_job(cupsd_client_t *con, /* I - Client connection */
if (attr && !ippValidateAttribute(attr))
{
send_ipp_status(con, IPP_ATTRIBUTES, _("Bad requesting-user-name value: %s"), cupsLastErrorString());
+
if ((attr = ippCopyAttribute(con->response, attr, 0)) != NULL)
attr->group_tag = IPP_TAG_UNSUPPORTED_GROUP;
- return (NULL);
+
+ if (StrictConformance)
+ return (NULL);
+
+ /* Don't use invalid attribute */
+ ippDeleteAttribute(con->request, attr);
+
+ attr = ippAddString(con->request, IPP_TAG_JOB, IPP_TAG_NAME, "reqeusting-user-name", NULL, "anonymous");
}
#ifdef WITH_LSPP

8
cups.spec
View File

@ -15,7 +15,7 @@ Summary: CUPS printing system
Name: cups
Epoch: 1
Version: 2.2.6
Release: 11%{?dist}
Release: 12%{?dist}
License: GPLv2
Url: http://www.cups.org/
Source0: https://github.com/apple/cups/releases/download/v%{VERSION}/cups-%{VERSION}-source.tar.gz
@ -62,6 +62,7 @@ Patch36: cups-web-devices-timeout.patch
Patch37: cups-synconclose.patch
Patch38: cups-ypbind.patch
Patch39: cups-moved-logs.patch
Patch40: cups-delete_invalid_attrs.patch
Patch100: cups-lspp.patch
@ -267,6 +268,8 @@ Sends IPP requests to the specified URI and tests and/or displays the results.
# Move log files into journal (bug #1519331)
%patch39 -p1 -b .moved-logs
%patch40 -p1 -b .dbus_notify
sed -i -e '1iMaxLogSize 0' conf/cupsd.conf.in
# Log to the system journal by default (bug #1078781, bug #1519331).
@ -657,6 +660,9 @@ rm -f %{cups_serverbin}/backend/smb
%{_mandir}/man5/ipptoolfile.5.gz
%changelog
* Wed Mar 28 2018 Pavel Zhukov <pzhukov@redhat.com> - 1:2.2.6-12
- Fix for CVE-2017-18248
* Wed Feb 28 2018 Zdenek Dohnal <zdohnal@redhat.com> - 1:2.2.6-11
- remake of 1499261