Commit de4f8c1

scheduler/cert.c: Fix string comparison (fixes CVE-2022-26691)
The previous algorithm didn't expect that the strings can have different lengths, so one string can be a substring of the other, and such a substring was reported as equal to the longer string.
1 parent 498fd9f commit de4f8c1

2 files changed

+9
-1
lines changed

Diff for: CHANGES.md

+1
@@ -4,6 +4,7 @@ CHANGES - OpenPrinting CUPS 2.4.1 - 2022-01-27
44
Changes in CUPS v2.4.2 (TBA)
55
----------------------------
66

7+
- Fixed certificate strings comparison for Local authorization (CVE-2022-26691)
78
- The `cupsFileOpen` function no longer opens files for append in read-write
89
mode (Issue #291)
910
- The cupsd daemon removed processing temporary queue (Issue #364)
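
Review bot: the new entry at line 7 reads "certificate strings comparison", where "certificate string comparison" is the usual form. Since this is the changelog line for a CVE, it would also help to say what was wrong, in the commit message's own terms (a shorter string was reported as equal to a longer one it is a substring of), so that someone reading CHANGES.md can judge how urgently to upgrade without opening the commit.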

Diff for: scheduler/cert.c

+8-1
@@ -444,5 +444,12 @@ ctcompare(const char *a, /* I - First string */
444444
b ++;
445445
}
446446

447-
return (result);
447+
/*
448+
* The while loop finishes when *a == '\0' or *b == '\0'
449+
* so after the while loop either both *a and *b == '\0',
450+
* or one points inside a string, so when we apply logical OR on *a,
451+
* *b and result, we get a non-zero return value if the compared strings don't match.
452+
*/
453+
454+
return (result | *a | *b);
448455
}
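
Review bot: the new return at line 454, `return (result | *a | *b);`, comes without a regression test: the commit touches only CHANGES.md and scheduler/cert.c, so the unequal-length case from the commit message could regress unnoticed. A test that compares a string against a proper prefix of itself in both argument orders, and against the empty string, would pin the fix down. The return value is now a bitwise OR of `char` values promoted to `int`, so the function's header comment should state that callers may rely only on zero versus non-zero. As the new comment says, the loop still ends at the first terminator, so the iteration count follows the shorter string's length; if the length of the certificate string is considered sensitive here, that deserves a line in the comment as well.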
