Skip to content
Permalink
Browse files

DBUS notifications could crash the scheduler (Issue #5143)

- scheduler/ipp.c: Make sure requesting-user-name string is valid UTF-8.
  • Loading branch information...
michaelrsweet committed Oct 23, 2017
1 parent 34be0e8 commit 49fa4983f25b64ec29d548ffa3b9782426007df3
Showing with 13 additions and 4 deletions.
  1. +3 −2 CHANGES.md
  2. +10 −2 scheduler/ipp.c
@@ -1,12 +1,13 @@
CHANGES - 2.2.6 - 2017-10-19
CHANGES - 2.2.6 - 2017-10-23
============================


Changes in CUPS v2.2.6
----------------------

- DBUS notifications could crash the scheduler (Issue #5143)
- Added USB quirks rules for Canon MP540 and Samsung ML-2160 (Issue #5148)
- Fixed TLS cipher suite selection with GNU TLS (Issue #5145)
- Fixed TLS cipher suite selection with GNU TLS (Issue #5145, Issue #5150)


Changes in CUPS v2.2.5
@@ -1597,6 +1597,16 @@ add_job(cupsd_client_t *con, /* I - Client connection */
return (NULL);
}

attr = ippFindAttribute(con->request, "requesting-user-name", IPP_TAG_NAME);

if (attr && !ippValidateAttribute(attr))
{
send_ipp_status(con, IPP_ATTRIBUTES, _("Bad requesting-user-name value: %s"), cupsLastErrorString());
if ((attr = ippCopyAttribute(con->response, attr, 0)) != NULL)
attr->group_tag = IPP_TAG_UNSUPPORTED_GROUP;
return (NULL);
}

if ((job = cupsdAddJob(priority, printer->name)) == NULL)
{
send_ipp_status(con, IPP_INTERNAL_ERROR,
@@ -1615,8 +1625,6 @@ add_job(cupsd_client_t *con, /* I - Client connection */
add_job_uuid(job);
apply_printer_defaults(printer, job);

attr = ippFindAttribute(job->attrs, "requesting-user-name", IPP_TAG_NAME);

if (con->username[0])
{
cupsdSetString(&job->username, con->username);

1 comment on commit 49fa498

@Z5T1

This comment has been minimized.

Copy link

commented on 49fa498 Mar 26, 2018

Fixes CVE-2017-18248

Please sign in to comment.
You can’t perform that action at this time.