This is the patch which is present in release v2.4.17:
a0c62c1
This is the patch on master:
88516bf
The difference is in
- if (!_cups_strcasecmp(name, "@OWNER") && owner &&
- !_cups_strcasecmp(username, ownername))
- !strcmp(pw->pw_name, ownername))
+ if (!_cups_strcasecmp(name, "@OWNER") && owner && pw &&
+ !strcmp(pw->pw_name, ownername))
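Review bot: the `@OWNER` condition needs a comment stating what happens when `pw` is NULL, because with `owner && pw &&` a requesting user who has no account on the server can never match `@OWNER`, whereas the earlier `_cups_strcasecmp(username, ownername)` comparison did not depend on `pw` at all and was case-insensitive. If that stricter behaviour is intended, say so next to the check; if not, fall back to comparing `username` when `pw` is NULL. Any other `pw->pw_name` use in the same function should get the same guard, and a regression test that sends a request as a user unknown to the server would have caught the unguarded `!strcmp(pw->pw_name, ownername))` form that shipped in the release.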
Which leads to a null pointer dereference in the release version if the user does not exist on the machine:
[🡕] Process 647 (cupsd) of user 0 dumped core.
Stack trace of thread 647:
#0 0x000055f578f68846 cupsdIsAuthorized (/usr/bin/cupsd + 0x9846)
#1 0x000055f578f962f2 validate_user.lto_priv.0 (/usr/bin/cupsd + 0x372f2)
#2 0x000055f578f83742 cupsdProcessIPPRequest.isra.0 (/usr/bin/cupsd + 0x24742)
#3 0x000055f578f6d4b9 cupsdReadClient (/usr/bin/cupsd + 0xe4b9)
#4 0x000055f578f64dbd main (/usr/bin/cupsd + 0x5dbd)
#5 0x00007fb5323bc5b5 __libc_start_call_main (libc.so.6 + 0x35b5)
#6 0x00007fb5323bc668 __libc_start_main@@GLIBC_2.34 (libc.so.6 + 0x3668)
#7 0x000055f578f65115 _start (/usr/bin/cupsd + 0x6115)
ELF object binary architecture: AMD x86-64
I think there should probably be another release with the proper patch.
To Reproduce
Print with Okular (Evince uses another Print-Job instead of Create-Job/Send-Document, so it apparently does not crash) via IPP with a user who is not present on the remote CUPS.
System Information:
- OS and its version: Fedora 43
- Application: Okular
- CUPS version: cups-2.4.17-1.fc43.x86_64