cups-filters 2.0rc2
Security vulnerability fix and general security and code clean-up of the beh
(Backend Error Handler) backend:
- beh backend: Use
execv()
instead ofsystem()
- CVE-2023-24805
Withexecv()
command line arguments are passed as separate strings and not the full command line in a single string. This prevents arbitrary command execution by escaping the quoting of the arguments in a job with forged job title. - beh backend: Extra checks against odd/forged input - CVE-2023-24805
- Do not allow
/
in the scheme of the URI (= backend executable name), to assure that only backends inside/usr/lib/cups/backend/
are used. - Pre-define scheme buffer to empty string, to be defined for case of URI being NULL.
- URI must have
:
, to split off scheme, otherwise error. - Check return value of
snprintf()
to create call path for the backend, to error out on truncation of a too long scheme or on complete failure due to a completely odd scheme.
- Do not allow
- beh backend: Further improvements - CVE-2023-24805
- Use
strncat()
instead ofstrncpy()
for getting scheme from URI, the latter does not require setting terminating zero byte in case of truncation. - Also exclude
.
or..
as scheme, as directories are not valid CUPS backends. - Do not use
fprintf()
insigterm_handler()
, to not interfere with afprintf()
which could be running in the main process whensigterm_handler()
is triggered. - Use
static volatile int
for global variable job_canceled.
- Use
parallel
backend: Added missing#include
lines