DBUS notifications could crash the scheduler (Issue #5143)

- scheduler/ipp.c: Make sure requesting-user-name string is valid UTF-8.
apple · Oct 23, 2017 · 49fa498 · 49fa498 · Z5T1 · Mar 26, 2018
1 parent 34be0e8
commit 49fa498
Show file tree

Hide file tree

Showing 2 changed files with 13 additions and 4 deletions.
diff --git a/CHANGES.md b/CHANGES.md
@@ -1,12 +1,13 @@
-CHANGES - 2.2.6 - 2017-10-19
+CHANGES - 2.2.6 - 2017-10-23
 ============================
 
 
 Changes in CUPS v2.2.6
 ----------------------
 
+- DBUS notifications could crash the scheduler (Issue #5143)
 - Added USB quirks rules for Canon MP540 and Samsung ML-2160 (Issue #5148)
-- Fixed TLS cipher suite selection with GNU TLS (Issue #5145)
+- Fixed TLS cipher suite selection with GNU TLS (Issue #5145, Issue #5150)
 
 
 Changes in CUPS v2.2.5

diff --git a/scheduler/ipp.c b/scheduler/ipp.c
@@ -1597,6 +1597,16 @@ add_job(cupsd_client_t  *con,		/* I - Client connection */
     return (NULL);
   }
 
+  attr = ippFindAttribute(con->request, "requesting-user-name", IPP_TAG_NAME);
+
+  if (attr && !ippValidateAttribute(attr))
+  {
+    send_ipp_status(con, IPP_ATTRIBUTES, _("Bad requesting-user-name value: %s"), cupsLastErrorString());
+    if ((attr = ippCopyAttribute(con->response, attr, 0)) != NULL)
+      attr->group_tag = IPP_TAG_UNSUPPORTED_GROUP;
+    return (NULL);
+  }
+
   if ((job = cupsdAddJob(priority, printer->name)) == NULL)
   {
     send_ipp_status(con, IPP_INTERNAL_ERROR,
@@ -1615,8 +1625,6 @@ add_job(cupsd_client_t  *con,		/* I - Client connection */
   add_job_uuid(job);
   apply_printer_defaults(printer, job);
 
-  attr = ippFindAttribute(job->attrs, "requesting-user-name", IPP_TAG_NAME);
-
   if (con->username[0])
   {
     cupsdSetString(&job->username, con->username);