PR#1: Fix for CVE-2017-18248 (#1561296) - rpms/cups

rpms / cups

#1 Fix for CVE-2017-18248 (#1561296)

Merged 6 years ago by thozza. Opened 6 years ago by landgraf.

rpms/ landgraf/cups CVE-2017-18248 into master

Fix for CVE-2017-18248 (#1561296)

Pavel Zhukov • 6 years ago

86ced0c

cups-delete_invalid_attrs.patch

file added

+54

		`@@ -0,0 +1,54 @@`
		`+ diff --git a/scheduler/ipp.c b/scheduler/ipp.c`
		`+ index 02dc392..0fc2d07 100644`
		`+ --- a/scheduler/ipp.c`
		`+ +++ b/scheduler/ipp.c`
		`+ @@ -1615,15 +1615,30 @@`
		`+ _("Bad job-name value: Wrong type or count."));`
		`+ if ((attr = ippCopyAttribute(con->response, attr, 0)) != NULL)`
		`+ attr->group_tag = IPP_TAG_UNSUPPORTED_GROUP;`
		`+ +`
		`+ + if (StrictConformance)`
		`+ return (NULL);`
		`+ +`
		`+ + /* Don't use invalid attribute */`
		`+ + ippDeleteAttribute(con->request, attr);`
		`+ +`
		`+ + ippAddString(con->request, IPP_TAG_JOB, IPP_TAG_NAME, "job-name", NULL, "Untitled");`
		`+ }`
		`+ else if (!ippValidateAttribute(attr))`
		`+ {`
		`+ send_ipp_status(con, IPP_ATTRIBUTES, _("Bad job-name value: %s"),`
		`+ cupsLastErrorString());`
		`+ +`
		`+ if ((attr = ippCopyAttribute(con->response, attr, 0)) != NULL)`
		`+ attr->group_tag = IPP_TAG_UNSUPPORTED_GROUP;`
		`+ +`
		`+ + if (StrictConformance)`
		`+ return (NULL);`
		`+ +`
		`+ + /* Don't use invalid attribute */`
		`+ + ippDeleteAttribute(con->request, attr);`
		`+ +`
		`+ + ippAddString(con->request, IPP_TAG_JOB, IPP_TAG_NAME, "job-name", NULL, "Untitled");`
		`+ }`
		`+`
		`+ attr = ippFindAttribute(con->request, "requesting-user-name", IPP_TAG_NAME);`
		`+ @@ -1631,9 +1646,17 @@ add_job(cupsd_client_t con, / I - Client connection */`
		`+ if (attr && !ippValidateAttribute(attr))`
		`+ {`
		`+ send_ipp_status(con, IPP_ATTRIBUTES, _("Bad requesting-user-name value: %s"), cupsLastErrorString());`
		`+ +`
		`+ if ((attr = ippCopyAttribute(con->response, attr, 0)) != NULL)`
		`+ attr->group_tag = IPP_TAG_UNSUPPORTED_GROUP;`
		`+ - return (NULL);`
		`+ +`
		`+ + if (StrictConformance)`
		`+ + return (NULL);`
		`+ +`
		`+ + /* Don't use invalid attribute */`
		`+ + ippDeleteAttribute(con->request, attr);`
		`+ +`
		`+ + attr = ippAddString(con->request, IPP_TAG_JOB, IPP_TAG_NAME, "reqeusting-user-name", NULL, "anonymous");`
		`+ }`
		`+`
		`+ #ifdef WITH_LSPP`

cups.spec

file modified

+7 -1

		`@@ -15,7 +15,7 @@`
		`Name: cups`
		`Epoch: 1`
		`Version: 2.2.6`
		`- Release: 11%{?dist}`
		`+ Release: 12%{?dist}`
		`License: GPLv2`
		`Url: http://www.cups.org/`
		`Source0: https://github.com/apple/cups/releases/download/v%{VERSION}/cups-%{VERSION}-source.tar.gz`
		`@@ -62,6 +62,7 @@`
		`Patch37: cups-synconclose.patch`
		`Patch38: cups-ypbind.patch`
		`Patch39: cups-moved-logs.patch`
		`+ Patch40: cups-delete_invalid_attrs.patch`

		`Patch100: cups-lspp.patch`

		`@@ -267,6 +268,8 @@`
		`# Move log files into journal (bug #1519331)`
		`%patch39 -p1 -b .moved-logs`

		`+ %patch40 -p1 -b .dbus_notify`
		`+`
		`sed -i -e '1iMaxLogSize 0' conf/cupsd.conf.in`

		`# Log to the system journal by default (bug #1078781, bug #1519331).`
		`@@ -657,6 +660,9 @@`
		`%{_mandir}/man5/ipptoolfile.5.gz`

		`%changelog`
		`+ * Wed Mar 28 2018 Pavel Zhukov <pzhukov@redhat.com> - 1:2.2.6-12`
		`+ - Fix for CVE-2017-18248`
		`+`
		`* Wed Feb 28 2018 Zdenek Dohnal <zdohnal@redhat.com> - 1:2.2.6-11`
		`- remake of 1499261`