From aa750dde9d78ecfafc2c57ace78686494ef54bb3 Mon Sep 17 00:00:00 2001 From: liubo0711 <1191322237@qq.com> Date: Mon, 4 Nov 2024 15:55:24 +0800 Subject: [PATCH] SECURITY UPDATE --- cups/http-addr.c | 41 ++++---- cups/ppd-cache.c | 239 +++++++++++++++++++++++++++++++++-------------- debian/changelog | 14 +++ scheduler/conf.c | 65 +++++++------ scheduler/ipp.c | 9 +- 5 files changed, 242 insertions(+), 126 deletions(-) diff --git a/cups/http-addr.c b/cups/http-addr.c index 6aeeb80..8ccfc4e 100644 --- a/cups/http-addr.c +++ b/cups/http-addr.c @@ -202,31 +202,30 @@ httpAddrListen(http_addr_t *addr, /* I - Address to bind to */ { mode_t mask; /* Umask setting */ - /* - * Remove any existing domain socket file... - */ + // Remove any existing domain socket file... + if ((status = unlink(addr->un.sun_path)) < 0) + { + DEBUG_printf(("1httpAddrListen: Unable to unlink \"%s\": %s", addr->un.sun_path, strerror(errno))); - unlink(addr->un.sun_path); + if (errno == ENOENT) + status = 0; + } - /* - * Save the current umask and set it to 0 so that all users can access - * the domain socket... - */ + if (!status) + { + // Save the current umask and set it to 0 so that all users can access + // the domain socket... + mask = umask(0); - mask = umask(0); + // Bind the domain socket... + if ((status = bind(fd, (struct sockaddr *)addr, (socklen_t)httpAddrLength(addr))) < 0) + { + DEBUG_printf(("1httpAddrListen: Unable to bind domain socket \"%s\": %s", addr->un.sun_path, strerror(errno))); + } - /* - * Bind the domain socket... - */ - - status = bind(fd, (struct sockaddr *)addr, (socklen_t)httpAddrLength(addr)); - - /* - * Restore the umask and fix permissions... - */ - - umask(mask); - chmod(addr->un.sun_path, 0140777); + // Restore the umask... + umask(mask); + } } else #endif /* AF_LOCAL */ diff --git a/cups/ppd-cache.c b/cups/ppd-cache.c index 6e8d31d..33e9f9d 100644 --- a/cups/ppd-cache.c +++ b/cups/ppd-cache.c @@ -32,6 +32,7 @@ static int cups_connect(http_t **http, const char *url, char *resource, size_t ressize); static int cups_get_url(http_t **http, const char *url, char *name, size_t namesize); static const char *ppd_inputslot_for_keyword(_ppd_cache_t *pc, const char *keyword); +static void ppd_put_string(cups_file_t *fp, cups_lang_t *lang, cups_array_t *strings, const char *ppd_option, const char *ppd_choice, const char *pwg_msgid); static void pwg_add_finishing(cups_array_t *finishings, ipp_finishings_t template, const char *name, const char *value); static void pwg_add_message(cups_array_t *a, const char *msg, const char *str); static int pwg_compare_finishings(_pwg_finishings_t *a, _pwg_finishings_t *b); @@ -4230,9 +4231,10 @@ _ppdCreateFromIPP2( ipp_t *media_col, /* Media collection */ *media_size; /* Media size collection */ char make[256], /* Make and model */ - *model, /* Model name */ + *mptr, /* Pointer into make and model */ ppdname[PPD_MAX_NAME]; /* PPD keyword */ + const char *model; /* Model name */ int i, j, /* Looping vars */ count, /* Number of values */ bottom, /* Largest bottom margin */ @@ -4254,8 +4256,7 @@ _ppdCreateFromIPP2( int have_qdraft = 0,/* Have draft quality? */ have_qhigh = 0; /* Have high quality? */ char msgid[256]; /* Message identifier (attr.value) */ - const char *keyword, /* Keyword value */ - *msgstr; /* Localized string */ + const char *keyword; /* Keyword value */ cups_array_t *strings = NULL;/* Printer strings file */ struct lconv *loc = localeconv(); /* Locale data */ @@ -4292,6 +4293,92 @@ _ppdCreateFromIPP2( return (NULL); } + /* + * Get a sanitized make and model... + */ + + if ((attr = ippFindAttribute(supported, "printer-make-and-model", IPP_TAG_TEXT)) != NULL && ippValidateAttribute(attr)) + { + /* + * Sanitize the model name to only contain PPD-safe characters. + */ + + strlcpy(make, ippGetString(attr, 0, NULL), sizeof(make)); + + for (mptr = make; *mptr; mptr ++) + { + if (*mptr < ' ' || *mptr >= 127 || *mptr == '\"') + { + /* + * Truncate the make and model on the first bad character... + */ + + *mptr = '\0'; + break; + } + } + + while (mptr > make) + { + /* + * Strip trailing whitespace... + */ + + mptr --; + if (*mptr == ' ') + *mptr = '\0'; + } + + if (!make[0]) + { + /* + * Use a default make and model if nothing remains... + */ + + strlcpy(make, "Unknown", sizeof(make)); + } + } + else + { + /* + * Use a default make and model... + */ + + strlcpy(make, "Unknown", sizeof(make)); + } + + if (!_cups_strncasecmp(make, "Hewlett Packard ", 16) || !_cups_strncasecmp(make, "Hewlett-Packard ", 16)) + { + /* + * Normalize HP printer make and model... + */ + + model = make + 16; + strlcpy(make, "HP", sizeof(make)); + + if (!_cups_strncasecmp(model, "HP ", 3)) + model += 3; + } + else if ((mptr = strchr(make, ' ')) != NULL) + { + /* + * Separate "MAKE MODEL"... + */ + + while (*mptr && *mptr == ' ') + *mptr++ = '\0'; + + model = mptr; + } + else + { + /* + * No separate model name... + */ + + model = "Printer"; + } + /* * Standard stuff for PPD file... */ @@ -4305,22 +4392,6 @@ _ppdCreateFromIPP2( cupsFilePuts(fp, "*LanguageLevel: \"3\"\n"); cupsFilePuts(fp, "*FileSystem: False\n"); cupsFilePuts(fp, "*PCFileName: \"ippeve.ppd\"\n"); - - if ((attr = ippFindAttribute(supported, "printer-make-and-model", IPP_TAG_TEXT)) != NULL) - strlcpy(make, ippGetString(attr, 0, NULL), sizeof(make)); - else - strlcpy(make, "Unknown Printer", sizeof(make)); - - if (!_cups_strncasecmp(make, "Hewlett Packard ", 16) || !_cups_strncasecmp(make, "Hewlett-Packard ", 16)) - { - model = make + 16; - strlcpy(make, "HP", sizeof(make)); - } - else if ((model = strchr(make, ' ')) != NULL) - *model++ = '\0'; - else - model = make; - cupsFilePrintf(fp, "*Manufacturer: \"%s\"\n", make); cupsFilePrintf(fp, "*ModelName: \"%s\"\n", model); cupsFilePrintf(fp, "*Product: \"(%s)\"\n", model); @@ -4350,13 +4421,13 @@ _ppdCreateFromIPP2( } cupsFilePuts(fp, "\"\n"); - if ((attr = ippFindAttribute(supported, "printer-more-info", IPP_TAG_URI)) != NULL) + if ((attr = ippFindAttribute(supported, "printer-more-info", IPP_TAG_URI)) != NULL && ippValidateAttribute(attr)) cupsFilePrintf(fp, "*APSupplies: \"%s\"\n", ippGetString(attr, 0, NULL)); - if ((attr = ippFindAttribute(supported, "printer-charge-info-uri", IPP_TAG_URI)) != NULL) + if ((attr = ippFindAttribute(supported, "printer-charge-info-uri", IPP_TAG_URI)) != NULL && ippValidateAttribute(attr)) cupsFilePrintf(fp, "*cupsChargeInfoURI: \"%s\"\n", ippGetString(attr, 0, NULL)); - if ((attr = ippFindAttribute(supported, "printer-strings-uri", IPP_TAG_URI)) != NULL) + if ((attr = ippFindAttribute(supported, "printer-strings-uri", IPP_TAG_URI)) != NULL && ippValidateAttribute(attr)) { http_t *http = NULL; /* Connection to printer */ char stringsfile[1024]; /* Temporary strings file */ @@ -4400,7 +4471,7 @@ _ppdCreateFromIPP2( response = cupsDoRequest(http, request, resource); - if ((attr = ippFindAttribute(response, "printer-strings-uri", IPP_TAG_URI)) != NULL) + if ((attr = ippFindAttribute(response, "printer-strings-uri", IPP_TAG_URI)) != NULL && ippValidateAttribute(attr)) cupsFilePrintf(fp, "*cupsStringsURI %s: \"%s\"\n", keyword, ippGetString(attr, 0, NULL)); ippDelete(response); @@ -4422,10 +4493,10 @@ _ppdCreateFromIPP2( if (ippGetBoolean(ippFindAttribute(supported, "job-accounting-user-id-supported", IPP_TAG_BOOLEAN), 0)) cupsFilePuts(fp, "*cupsJobAccountingUserId: True\n"); - if ((attr = ippFindAttribute(supported, "printer-privacy-policy-uri", IPP_TAG_URI)) != NULL) + if ((attr = ippFindAttribute(supported, "printer-privacy-policy-uri", IPP_TAG_URI)) != NULL && ippValidateAttribute(attr)) cupsFilePrintf(fp, "*cupsPrivacyURI: \"%s\"\n", ippGetString(attr, 0, NULL)); - if ((attr = ippFindAttribute(supported, "printer-mandatory-job-attributes", IPP_TAG_KEYWORD)) != NULL) + if ((attr = ippFindAttribute(supported, "printer-mandatory-job-attributes", IPP_TAG_KEYWORD)) != NULL && ippValidateAttribute(attr)) { char prefix = '\"'; // Prefix for string @@ -4443,7 +4514,7 @@ _ppdCreateFromIPP2( cupsFilePuts(fp, "\"\n"); } - if ((attr = ippFindAttribute(supported, "printer-requested-job-attributes", IPP_TAG_KEYWORD)) != NULL) + if ((attr = ippFindAttribute(supported, "printer-requested-job-attributes", IPP_TAG_KEYWORD)) != NULL && ippValidateAttribute(attr)) { char prefix = '\"'; // Prefix for string @@ -4990,18 +5061,16 @@ _ppdCreateFromIPP2( cupsFilePrintf(fp, "*DefaultInputSlot: %s\n", ppdname); for (j = 0; j < (int)(sizeof(sources) / sizeof(sources[0])); j ++) + { if (!strcmp(sources[j], keyword)) { snprintf(msgid, sizeof(msgid), "media-source.%s", keyword); - if ((msgstr = _cupsLangString(lang, msgid)) == msgid || !strcmp(msgid, msgstr)) - if ((msgstr = _cupsMessageLookup(strings, msgid)) == msgid) - msgstr = keyword; - cupsFilePrintf(fp, "*InputSlot %s: \"<>setpagedevice\"\n", ppdname, j); - cupsFilePrintf(fp, "*%s.InputSlot %s/%s: \"\"\n", lang->language, ppdname, msgstr); + ppd_put_string(fp, lang, strings, "InputSlot", ppdname, msgid); break; } + } } cupsFilePuts(fp, "*CloseUI: *InputSlot\n"); } @@ -5027,12 +5096,9 @@ _ppdCreateFromIPP2( pwg_ppdize_name(keyword, ppdname, sizeof(ppdname)); snprintf(msgid, sizeof(msgid), "media-type.%s", keyword); - if ((msgstr = _cupsLangString(lang, msgid)) == msgid || !strcmp(msgid, msgstr)) - if ((msgstr = _cupsMessageLookup(strings, msgid)) == msgid) - msgstr = keyword; cupsFilePrintf(fp, "*MediaType %s: \"<>setpagedevice\"\n", ppdname, ppdname); - cupsFilePrintf(fp, "*%s.MediaType %s/%s: \"\"\n", lang->language, ppdname, msgstr); + ppd_put_string(fp, lang, strings, "MediaType", ppdname, msgid); } cupsFilePuts(fp, "*CloseUI: *MediaType\n"); } @@ -5493,12 +5559,9 @@ _ppdCreateFromIPP2( pwg_ppdize_name(keyword, ppdname, sizeof(ppdname)); snprintf(msgid, sizeof(msgid), "output-bin.%s", keyword); - if ((msgstr = _cupsLangString(lang, msgid)) == msgid || !strcmp(msgid, msgstr)) - if ((msgstr = _cupsMessageLookup(strings, msgid)) == msgid) - msgstr = keyword; cupsFilePrintf(fp, "*OutputBin %s: \"\"\n", ppdname); - cupsFilePrintf(fp, "*%s.OutputBin %s/%s: \"\"\n", lang->language, ppdname, msgstr); + ppd_put_string(fp, lang, strings, "OutputBin", ppdname, msgid); if ((tray_ptr = ippGetOctetString(trays, i, &tray_len)) != NULL) { @@ -5617,9 +5680,6 @@ _ppdCreateFromIPP2( cupsArrayAdd(names, (char *)keyword); snprintf(msgid, sizeof(msgid), "finishings.%d", value); - if ((msgstr = _cupsLangString(lang, msgid)) == msgid || !strcmp(msgid, msgstr)) - if ((msgstr = _cupsMessageLookup(strings, msgid)) == msgid) - msgstr = keyword; if (value >= IPP_FINISHINGS_NONE && value <= IPP_FINISHINGS_LAMINATE) ppd_keyword = base_keywords[value - IPP_FINISHINGS_NONE]; @@ -5634,7 +5694,7 @@ _ppdCreateFromIPP2( continue; cupsFilePrintf(fp, "*StapleLocation %s: \"\"\n", ppd_keyword); - cupsFilePrintf(fp, "*%s.StapleLocation %s/%s: \"\"\n", lang->language, ppd_keyword, msgstr); + ppd_put_string(fp, lang, strings, "StapleLocation", ppd_keyword, msgid); cupsFilePrintf(fp, "*cupsIPPFinishings %d/%s: \"*StapleLocation %s\"\n", value, keyword, ppd_keyword); } @@ -5697,9 +5757,6 @@ _ppdCreateFromIPP2( cupsArrayAdd(names, (char *)keyword); snprintf(msgid, sizeof(msgid), "finishings.%d", value); - if ((msgstr = _cupsLangString(lang, msgid)) == msgid || !strcmp(msgid, msgstr)) - if ((msgstr = _cupsMessageLookup(strings, msgid)) == msgid) - msgstr = keyword; if (value >= IPP_FINISHINGS_NONE && value <= IPP_FINISHINGS_LAMINATE) ppd_keyword = base_keywords[value - IPP_FINISHINGS_NONE]; @@ -5714,7 +5771,7 @@ _ppdCreateFromIPP2( continue; cupsFilePrintf(fp, "*FoldType %s: \"\"\n", ppd_keyword); - cupsFilePrintf(fp, "*%s.FoldType %s/%s: \"\"\n", lang->language, ppd_keyword, msgstr); + ppd_put_string(fp, lang, strings, "FoldType", ppd_keyword, msgid); cupsFilePrintf(fp, "*cupsIPPFinishings %d/%s: \"*FoldType %s\"\n", value, keyword, ppd_keyword); } @@ -5785,9 +5842,6 @@ _ppdCreateFromIPP2( cupsArrayAdd(names, (char *)keyword); snprintf(msgid, sizeof(msgid), "finishings.%d", value); - if ((msgstr = _cupsLangString(lang, msgid)) == msgid || !strcmp(msgid, msgstr)) - if ((msgstr = _cupsMessageLookup(strings, msgid)) == msgid) - msgstr = keyword; if (value >= IPP_FINISHINGS_NONE && value <= IPP_FINISHINGS_LAMINATE) ppd_keyword = base_keywords[value - IPP_FINISHINGS_NONE]; @@ -5802,7 +5856,7 @@ _ppdCreateFromIPP2( continue; cupsFilePrintf(fp, "*PunchMedia %s: \"\"\n", ppd_keyword); - cupsFilePrintf(fp, "*%s.PunchMedia %s/%s: \"\"\n", lang->language, ppd_keyword, msgstr); + ppd_put_string(fp, lang, strings, "PunchMedia", ppd_keyword, msgid); cupsFilePrintf(fp, "*cupsIPPFinishings %d/%s: \"*PunchMedia %s\"\n", value, keyword, ppd_keyword); } @@ -5873,9 +5927,6 @@ _ppdCreateFromIPP2( cupsArrayAdd(names, (char *)keyword); snprintf(msgid, sizeof(msgid), "finishings.%d", value); - if ((msgstr = _cupsLangString(lang, msgid)) == msgid || !strcmp(msgid, msgstr)) - if ((msgstr = _cupsMessageLookup(strings, msgid)) == msgid) - msgstr = keyword; if (value == IPP_FINISHINGS_TRIM) ppd_keyword = "Auto"; @@ -5883,7 +5934,7 @@ _ppdCreateFromIPP2( ppd_keyword = trim_keywords[value - IPP_FINISHINGS_TRIM_AFTER_PAGES]; cupsFilePrintf(fp, "*CutMedia %s: \"\"\n", ppd_keyword); - cupsFilePrintf(fp, "*%s.CutMedia %s/%s: \"\"\n", lang->language, ppd_keyword, msgstr); + ppd_put_string(fp, lang, strings, "CutMedia", ppd_keyword, msgid); cupsFilePrintf(fp, "*cupsIPPFinishings %d/%s: \"*CutMedia %s\"\n", value, keyword, ppd_keyword); } @@ -5922,12 +5973,11 @@ _ppdCreateFromIPP2( cupsArrayAdd(templates, (void *)keyword); - snprintf(msgid, sizeof(msgid), "finishing-template.%s", keyword); - if ((msgstr = _cupsLangString(lang, msgid)) == msgid || !strcmp(msgid, msgstr)) - if ((msgstr = _cupsMessageLookup(strings, msgid)) == msgid) - msgstr = keyword; + pwg_ppdize_name(keyword, ppdname, sizeof(ppdname)); - cupsFilePrintf(fp, "*cupsFinishingTemplate %s: \"\n", keyword); + snprintf(msgid, sizeof(msgid), "finishing-template.%s", keyword); + + cupsFilePrintf(fp, "*cupsFinishingTemplate %s: \"\n", ppdname); for (finishing_attr = ippFirstAttribute(finishing_col); finishing_attr; finishing_attr = ippNextAttribute(finishing_col)) { if (ippGetValueTag(finishing_attr) == IPP_TAG_BEGIN_COLLECTION) @@ -5940,7 +5990,7 @@ _ppdCreateFromIPP2( } } cupsFilePuts(fp, "\"\n"); - cupsFilePrintf(fp, "*%s.cupsFinishingTemplate %s/%s: \"\"\n", lang->language, keyword, msgstr); + ppd_put_string(fp, lang, strings, "cupsFinishingTemplate", ppdname, msgid); cupsFilePuts(fp, "*End\n"); } @@ -5976,9 +6026,8 @@ _ppdCreateFromIPP2( { ipp_t *preset = ippGetCollection(attr, i); /* Preset collection */ - const char *preset_name = ippGetString(ippFindAttribute(preset, "preset-name", IPP_TAG_ZERO), 0, NULL), + const char *preset_name = ippGetString(ippFindAttribute(preset, "preset-name", IPP_TAG_ZERO), 0, NULL); /* Preset name */ - *localized_name; /* Localized preset name */ ipp_attribute_t *member; /* Member attribute in preset */ const char *member_name; /* Member attribute name */ char member_value[256]; /* Member attribute value */ @@ -5986,7 +6035,8 @@ _ppdCreateFromIPP2( if (!preset || !preset_name) continue; - cupsFilePrintf(fp, "*APPrinterPreset %s: \"\n", preset_name); + pwg_ppdize_name(preset_name, ppdname, sizeof(ppdname)); + cupsFilePrintf(fp, "*APPrinterPreset %s: \"\n", ppdname); for (member = ippFirstAttribute(preset); member; member = ippNextAttribute(preset)) { member_name = ippGetName(member); @@ -6027,7 +6077,10 @@ _ppdCreateFromIPP2( fin_col = ippGetCollection(member, i); if ((keyword = ippGetString(ippFindAttribute(fin_col, "finishing-template", IPP_TAG_ZERO), 0, NULL)) != NULL) - cupsFilePrintf(fp, "*cupsFinishingTemplate %s\n", keyword); + { + pwg_ppdize_name(keyword, ppdname, sizeof(ppdname)); + cupsFilePrintf(fp, "*cupsFinishingTemplate %s\n", ppdname); + } } } else if (!strcmp(member_name, "media")) @@ -6054,13 +6107,13 @@ _ppdCreateFromIPP2( if ((keyword = ippGetString(ippFindAttribute(media_col, "media-source", IPP_TAG_ZERO), 0, NULL)) != NULL) { pwg_ppdize_name(keyword, ppdname, sizeof(ppdname)); - cupsFilePrintf(fp, "*InputSlot %s\n", keyword); + cupsFilePrintf(fp, "*InputSlot %s\n", ppdname); } if ((keyword = ippGetString(ippFindAttribute(media_col, "media-type", IPP_TAG_ZERO), 0, NULL)) != NULL) { pwg_ppdize_name(keyword, ppdname, sizeof(ppdname)); - cupsFilePrintf(fp, "*MediaType %s\n", keyword); + cupsFilePrintf(fp, "*MediaType %s\n", ppdname); } } else if (!strcmp(member_name, "print-quality")) @@ -6105,8 +6158,9 @@ _ppdCreateFromIPP2( cupsFilePuts(fp, "\"\n*End\n"); - if ((localized_name = _cupsMessageLookup(strings, preset_name)) != preset_name) - cupsFilePrintf(fp, "*%s.APPrinterPreset %s/%s: \"\"\n", lang->language, preset_name, localized_name); + snprintf(msgid, sizeof(msgid), "preset-name.%s", preset_name); + pwg_ppdize_name(preset_name, ppdname, sizeof(ppdname)); + ppd_put_string(fp, lang, strings, "APPrinterPreset", ppdname, msgid); } } @@ -6377,6 +6431,43 @@ cups_get_url(http_t **http, /* IO - Current HTTP connection */ } +/* + * 'ppd_put_strings()' - Write localization attributes to a PPD file. + */ + +static void +ppd_put_string(cups_file_t *fp, /* I - PPD file */ + cups_lang_t *lang, /* I - Language */ + cups_array_t *strings, /* I - Strings */ + const char *ppd_option,/* I - PPD option */ + const char *ppd_choice,/* I - PPD choice */ + const char *pwg_msgid) /* I - PWG message ID */ +{ + const char *text; /* Localized text */ + + + if ((text = _cupsLangString(lang, pwg_msgid)) == pwg_msgid || !strcmp(pwg_msgid, text)) + { + if ((text = _cupsMessageLookup(strings, pwg_msgid)) == pwg_msgid) + return; + } + + // Add the first line of localized text... + cupsFilePrintf(fp, "*%s.%s %s/", lang->language, ppd_option, ppd_choice); + while (*text && *text != '\n') + { + // Escape ":" and "<"... + if (*text == ':' || *text == '<') + cupsFilePrintf(fp, "<%02X>", *text); + else + cupsFilePutChar(fp, *text); + + text ++; + } + cupsFilePuts(fp, ": \"\"\n"); +} + + /* * 'pwg_add_finishing()' - Add a finishings value. */ @@ -6490,7 +6581,7 @@ pwg_ppdize_name(const char *ipp, /* I - IPP keyword */ *end; /* End of name buffer */ - if (!ipp) + if (!ipp || !_cups_isalnum(*ipp)) { *name = '\0'; return; @@ -6505,8 +6596,14 @@ pwg_ppdize_name(const char *ipp, /* I - IPP keyword */ ipp ++; *ptr++ = (char)toupper(*ipp++ & 255); } - else + else if (*ipp == '_' || *ipp == '.' || *ipp == '-' || _cups_isalnum(*ipp)) + { *ptr++ = *ipp++; + } + else + { + ipp ++; + } } *ptr = '\0'; diff --git a/debian/changelog b/debian/changelog index e0f37ce..e8ecf9b 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,17 @@ +cups (2.4.7-ok2) nile; urgency=medium + + * SECURITY UPDATE: PPD injection issues (LP: #2082335) - + debian/patches/sec-202409-1.patch: validate URIs, attribute names, + and capabilities in cups/ppd-cache.c, scheduler/ipp.c. - + debian/patches/sec-202409-2.patch: sanitize make and model in + cups/ppd-cache.c. - debian/patches/sec-202409-3.patch: PPDize + preset and template names in cups/ppd-cache.c. - + debian/patches/sec-202409-4.patch: quote PPD localized strings in + cups/ppd-cache.c. - debian/patches/sec-202409-5.patch: fix + warnings in cups/ppd-cache.c. - CVE number pending + + -- liubo01 Mon, 04 Nov 2024 15:55:24 +0800 + cups (2.4.7-ok1) nile; urgency=medium * Update upstream version diff --git a/scheduler/conf.c b/scheduler/conf.c index c74745c..a1e92c3 100644 --- a/scheduler/conf.c +++ b/scheduler/conf.c @@ -558,6 +558,18 @@ cupsdReadConfiguration(void) cupsdDeleteAllListeners(); + /* + * Allocate array Listeners + */ + + Listeners = cupsArrayNew(NULL, NULL); + + if (!Listeners) + { + fprintf(stderr, "Unable to allocate memory for array Listeners."); + return (0); + } + old_remote_port = RemotePort; RemotePort = 0; @@ -1043,28 +1055,6 @@ cupsdReadConfiguration(void) } } - /* - * Check that we have at least one listen/port line; if not, report this - * as an error and exit! - */ - - if (cupsArrayCount(Listeners) == 0) - { - /* - * No listeners! - */ - - cupsdLogMessage(CUPSD_LOG_EMERG, - "No valid Listen or Port lines were found in the " - "configuration file."); - - /* - * Commit suicide... - */ - - cupsdEndProcess(getpid(), 0); - } - /* * Set the default locale using the language and charset... */ @@ -3085,6 +3075,26 @@ read_cupsd_conf(cups_file_t *fp) /* I - File to read from */ cupsd_listener_t *lis; /* New listeners array */ + /* + * If we are launched on-demand, do not use domain sockets from the config + * file. Also check that the domain socket path is not too long... + */ + +#ifdef HAVE_ONDEMAND + if (*value == '/' && OnDemand) + { + if (strcmp(value, CUPS_DEFAULT_DOMAINSOCKET)) + cupsdLogMessage(CUPSD_LOG_INFO, "Ignoring %s address %s at line %d - only using domain socket from launchd/systemd.", line, value, linenum); + continue; + } +#endif // HAVE_ONDEMAND + + if (*value == '/' && strlen(value) > (sizeof(addr->addr.un.sun_path) - 1)) + { + cupsdLogMessage(CUPSD_LOG_INFO, "Ignoring %s address %s at line %d - too long.", line, value, linenum); + continue; + } + /* * Get the address list... */ @@ -3133,17 +3143,6 @@ read_cupsd_conf(cups_file_t *fp) /* I - File to read from */ * Allocate another listener... */ - if (!Listeners) - Listeners = cupsArrayNew(NULL, NULL); - - if (!Listeners) - { - cupsdLogMessage(CUPSD_LOG_ERROR, - "Unable to allocate %s at line %d - %s.", - line, linenum, strerror(errno)); - break; - } - if ((lis = calloc(1, sizeof(cupsd_listener_t))) == NULL) { cupsdLogMessage(CUPSD_LOG_ERROR, diff --git a/scheduler/ipp.c b/scheduler/ipp.c index 68428db..614802d 100644 --- a/scheduler/ipp.c +++ b/scheduler/ipp.c @@ -1,7 +1,7 @@ /* * IPP routines for the CUPS scheduler. * - * Copyright © 2020-2023 by OpenPrinting + * Copyright © 2020-2024 by OpenPrinting * Copyright © 2007-2021 by Apple Inc. * Copyright © 1997-2007 by Easy Software Products, all rights reserved. * @@ -5413,6 +5413,13 @@ create_local_bg_thread( } } + // Validate response from printer... + if (!ippValidateAttributes(response)) + { + send_ipp_status(con, IPP_STATUS_ERROR_DEVICE, _("Printer returned invalid data: %s"), cupsLastErrorString()); + goto finish_response; + } + // TODO: Grab printer icon file... httpClose(http);