Patch for CVE-2007-4045 still valid? #2725

Closed
michaelrsweet opened this Issue Feb 27, 2008 · 2 comments

Collaborator

michaelrsweet commented Feb 27, 2008

Version: 1.3.6
CUPS.org User: tgurr

Over at Gentoo we still patch cups with the CVE-2007-4045 patch from:
https://bugzilla.redhat.com/show_bug.cgi?id=250161
since it applies well since cups 1.3.4. Is it still valid/needed?
I couldn't find any reference to CVE-2007-4045 in the changelogs.

PS: Could you perhaps add a new Priority to the bugtracker for security issues? I didn't know where it fits best, so I chose 3.

PPS: Attached the patch for the sake of completeness.

Collaborator

michaelrsweet commented Feb 27, 2008

CUPS.org User: mike

This patch is not valid or needed for any version of CUPS since 1.2.

The problem in 1.1.x was that the Clients array was allocated as a contiguous array, so when a client went away the user data pointer for OpenSSL needed to be updated to point to the correct http_t structure.

In 1.2 we changed the Clients array to use individually-allocated cupsd_client_t structures managed by the CUPS array API. This means that the address of the http_t structure won't change when a client is removed or added.

Re: the security priority, it is not needed - you just pick the correct "published" state and then choose the corresponding severity based on the type of security issue ("Denial-of-service" might be priority 4, "remote exploit" would be "5", and so forth).
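
The layout difference described in the reply above, as an added C illustration that is not CUPS code and not part of the original thread. `conn_t`, `tls_t` and the function names are hypothetical stand-ins for `http_t` and the OpenSSL user data pointer; the three-client setup is constructed.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#define N 3   /* constructed sample: three connected clients */

/* Hypothetical stand-ins: conn_t plays the role of http_t, tls_t the TLS
 * object whose user data pointer refers back to its connection. */
typedef struct conn conn_t;
typedef struct { conn_t *owner; } tls_t;
struct conn { tls_t *tls; };

static void attach_tls(conn_t *c) {
  if (!(c->tls = malloc(sizeof(tls_t)))) abort();
  c->tls->owner = c;               /* back-pointer into the client record */
}

/* Contiguous records: removing slot 0 moves the later records down, so their
 * back-pointers are stale unless re-pointed (fixup != 0). Returns stale count. */
int stale_contiguous(int fixup) {
  conn_t clients[N];
  int i, n = N - 1, stale = 0;
  for (i = 0; i < N; i++) attach_tls(&clients[i]);
  free(clients[0].tls);
  memmove(&clients[0], &clients[1], (size_t)n * sizeof(conn_t));
  for (i = 0; fixup && i < n; i++) clients[i].tls->owner = &clients[i];
  for (i = 0; i < n; i++) stale += (clients[i].tls->owner != &clients[i]);
  for (i = 0; i < n; i++) free(clients[i].tls);
  return stale;
}

/* Individually allocated records: the array holds pointers, removal moves
 * only those pointers, and every back-pointer stays correct with no fix-up. */
int stale_individual(void) {
  conn_t *clients[N];
  int i, n = N - 1, stale = 0;
  for (i = 0; i < N; i++) {
    if (!(clients[i] = malloc(sizeof(conn_t)))) abort();
    attach_tls(clients[i]);
  }
  free(clients[0]->tls); free(clients[0]);
  memmove(&clients[0], &clients[1], (size_t)n * sizeof(conn_t *));
  for (i = 0; i < n; i++) stale += (clients[i]->tls->owner != clients[i]);
  for (i = 0; i < n; i++) { free(clients[i]->tls); free(clients[i]); }
  return stale;
}

int main(void) {
  printf("contiguous: %d stale, with fix-up: %d, individual: %d\n",
         stale_contiguous(0), stale_contiguous(1), stale_individual());
  return 0;
}
```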

Collaborator

michaelrsweet commented Feb 27, 2008

"cups-1.3.4-CVE-2007-4045.patch":

diff -up cups-1.3.4/scheduler/client.c.CVE-2007-4045 cups-1.3.4/scheduler/client.c
--- cups-1.3.4/scheduler/client.c.CVE-2007-4045 2007-11-07 21:11:58.000000000 +0000
+++ cups-1.3.4/scheduler/client.c 2007-11-07 21:13:26.000000000 +0000
@@ -114,6 +114,25 @@ static int write_file(cupsd_client_t *c
static void write_pipe(cupsd_client_t *con);

+void
+_cupsdFixClientsBIO(void)
+{
+#ifdef HAVE_LIBSSL

  • cupsd_client_t *c;
  • BIO *bio;
  • cupsArraySave (Clients);
  • for (c = (cupsd_client_t *)cupsArrayFirst(Clients);
  •   c;
    
  •   c = (cupsd_client_t *)cupsArrayNext(Clients))
    
  • {
  • bio = SSL_get_wbio(c->http.tls);
  • BIO_ctrl(bio, BIO_C_SET_FILE_PTR, 0, (char *)HTTP(c));
  • }
  • cupsArrayRestore (Clients);
    +#endif
    +}

/*

  • 'cupsdAcceptClient()' - Accept a new client.
    */
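
Review bot: The loop in `_cupsdFixClientsBIO()` calls `SSL_get_wbio(c->http.tls)` for every entry in `Clients` and passes the result straight to `BIO_ctrl()`, with no check that `c->http.tls` is set or that `bio` is non-NULL, so a client without a TLS session would pass NULL into OpenSSL. Guard the loop body with `if (c->http.tls)` and skip the `BIO_ctrl()` call when `bio` is NULL. The new function is also non-static and has no header comment in the style of the `'cupsdAcceptClient()'` block that follows it; a short comment stating why the BIO pointer has to be re-pointed would document the intent.
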
    @@ -451,6 +470,7 @@ cupsdAcceptClient(cupsd_listener_t *lis)
    }

cupsArrayAdd(Clients, con);

  • _cupsdFixClientsBIO();

cupsdLogMessage(CUPSD_LOG_DEBUG2,
"cupsdAcceptClient: %d connected to server on %s:%d",
@@ -735,6 +755,7 @@ cupsdCloseClient(cupsd_client_t con) /
*/

cupsArrayRemove(Clients, con);

  • _cupsdFixClientsBIO();

free(con);
}
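
Review bot: The `_cupsdFixClientsBIO()` call placed between `cupsArrayRemove(Clients, con)` and `free(con)` re-walks every remaining client on each close, and the matching call after `cupsArrayAdd(Clients, con)` does the same on each accept. Nothing in these lines moves the other clients' structures (only `con` is removed and freed), so add a comment naming the address change the walk compensates for, or drop both calls if the array holds individually allocated entries.
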
diff -up cups-1.3.4/scheduler/main.c.CVE-2007-4045 cups-1.3.4/scheduler/main.c

michaelrsweet added this to the Stable milestone Mar 17, 2016
