rpms/cups
3
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

1826330 - CVE-2020-3898 cups: heap based buffer overflow in libcups's ppdFindOption() in ppd-mark.c

Browse Source
This commit is contained in:
Zdenek Dohnal 2020-04-22 09:43:23 +02:00
parent 66b8b42030
commit c1920d09b8
2 changed files with 50 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

42
cups-ppdopen-heap-overflow.patch Normal file
View File

@ -0,0 +1,42 @@
diff --git a/cups/ppd.c b/cups/ppd.c
index ff52df2e..199cf034 100644
--- a/cups/ppd.c
+++ b/cups/ppd.c
@@ -1719,8 +1719,7 @@ _ppdOpen(
constraint->choice1, constraint->option2,
constraint->choice2))
{
- case 0 : /* Error */
- case 1 : /* Error */
+ default : /* Error */
pg->ppd_status = PPD_BAD_UI_CONSTRAINTS;
goto error;
diff --git a/ppdc/ppdc-source.cxx b/ppdc/ppdc-source.cxx
index c25d4966..236c00db 100644
--- a/ppdc/ppdc-source.cxx
+++ b/ppdc/ppdc-source.cxx
@@ -1743,15 +1743,17 @@ ppdcSource::get_resolution(ppdcFile *fp)// I - File to read
switch (sscanf(name, "%dx%d", &xdpi, &ydpi))
{
- case 0 :
- _cupsLangPrintf(stderr,
- _("ppdc: Bad resolution name \"%s\" on line %d of "
- "%s."), name, fp->line, fp->filename);
- break;
case 1 :
ydpi = xdpi;
break;
- }
+ case 2 :
+ break;
+ default :
+ _cupsLangPrintf(stderr,
+ _("ppdc: Bad resolution name \"%s\" on line %d of "
+ "%s."), name, fp->line, fp->filename);
+ break;
+}
// Create the necessary PS commands...
snprintf(command, sizeof(command),

9
cups.spec
View File

@ -15,7 +15,7 @@ Summary: CUPS printing system
Name: cups Name: cups
Epoch: 1 Epoch: 1
Version: 2.3.1 Version: 2.3.1
Release: 8%{?dist} Release: 9%{?dist}
License: ASL 2.0 with exceptions for GPL2/LGPL2 License: ASL 2.0 with exceptions for GPL2/LGPL2
Url: http://www.cups.org/ Url: http://www.cups.org/
Source0: https://github.com/apple/cups/releases/download/v%{VERSION}/cups-%{VERSION}-source.tar.gz Source0: https://github.com/apple/cups/releases/download/v%{VERSION}/cups-%{VERSION}-source.tar.gz
@ -95,6 +95,8 @@ Patch22: cups-autostart-when-enabled.patch
Patch100: cups-lspp.patch Patch100: cups-lspp.patch
#### UPSTREAM PATCHES #### #### UPSTREAM PATCHES ####
# 1826330 - CVE-2020-3898 cups: heap based buffer overflow in libcups's ppdFindOption() in ppd-mark.c
Patch23: cups-ppdopen-heap-overflow.patch
##### Patches removed because IMHO they aren't no longer needed ##### Patches removed because IMHO they aren't no longer needed
##### but still I'll leave them in git in case their removal ##### but still I'll leave them in git in case their removal
@ -301,6 +303,8 @@ to CUPS daemon. This solution will substitute printer drivers and raw queues in
%patch22 -p1 -b .autostart-when-enabled %patch22 -p1 -b .autostart-when-enabled
#### UPSTREAMED PATCHES #### #### UPSTREAMED PATCHES ####
# 1826330 - CVE-2020-3898 cups: heap based buffer overflow in libcups's ppdFindOption() in ppd-mark.c
%patch23 -p1 -b .ppdopen-heap-overflow
# removed dbus patch - seems breaking things # removed dbus patch - seems breaking things
# Fix implementation of com.redhat.PrinterSpooler D-Bus object. # Fix implementation of com.redhat.PrinterSpooler D-Bus object.
@ -727,6 +731,9 @@ rm -f %{cups_serverbin}/backend/smb
%{_mandir}/man7/ippevepcl.7.gz %{_mandir}/man7/ippevepcl.7.gz
%changelog %changelog
* Tue Apr 21 2020 Zdenek Dohnal <zdohnal@redhat.com> - 1:2.3.1-9
- 1826330 - CVE-2020-3898 cups: heap based buffer overflow in libcups's ppdFindOption() in ppd-mark.c
* Wed Apr 08 2020 Zdenek Dohnal <zdohnal@redhat.com> - 1:2.3.1-8 * Wed Apr 08 2020 Zdenek Dohnal <zdohnal@redhat.com> - 1:2.3.1-8
- 1822154 - cups.service doesn't execute automatically on request - 1822154 - cups.service doesn't execute automatically on request