Sanitize device URI in argv[0] and use environment for auth info #933

Closed
michaelrsweet opened this Issue Oct 8, 2004 · 2 comments


michaelrsweet commented Oct 8, 2004

Version: 1.1.22rc1
CUPS.org User: mike

Jim Lovell (Apple) suggests that we put the sanitized device URI in argv[0] and only pass the full URI in the DEVICE_URI environment variable.

Apparently, the environment of processes owned by other users is not visible/accessible (at least not for Linux, OSX, IRIX, and Solaris), so the auth info won't be exposed.

We'll need to change the IPP backend to use DEVICE_URI, change StartJob() to use the sani_uri for argv[0], and submit a patch for smbspool to the SAMBA project.


michaelrsweet commented Oct 8, 2004

CUPS.org User: mike

Fixed in CVS - the anonymous CVS repository will be updated at midnight EST.


michaelrsweet commented Oct 8, 2004

"str_920_933.patch":

Index: ipp.c

RCS file: /development/cvs/cups/scheduler/ipp.c,v
retrieving revision 1.233
retrieving revision 1.234
diff -u -r1.233 -r1.234
--- ipp.c 23 Aug 2004 18:36:50 -0000 1.233
+++ ipp.c 4 Oct 2004 20:23:54 -0000 1.234
@@ -1222,7 +1222,9 @@
}

 LogMessage(L_INFO, "Setting %s device-uri to \"%s\" (was \"%s\".)",
  •           printer->name, attr->values[0].string.text, printer->device_uri);
    
  •           printer->name,
    
  •      cupsdSanitizeURI(attr->values[0].string.text, line, sizeof(line)),
    
  •      cupsdSanitizeURI(printer->device_uri, resource, sizeof(resource)));
    

    SetString(&printer->device_uri, attr->values[0].string.text);
    }

    Index: job.c

    RCS file: /development/cvs/cups/scheduler/job.c,v
    retrieving revision 1.231
    retrieving revision 1.233
    diff -u -r1.231 -r1.233
    --- job.c 4 Oct 2004 19:40:35 -0000 1.231
    +++ job.c 8 Oct 2004 20:18:02 -0000 1.233
    @@ -1202,6 +1202,7 @@
    classification[1024], /* CLASSIFICATION environment variable /
    content_type[1024], /
    CONTENT_TYPE environment variable /
    device_uri[1024], /
    DEVICE_URI environment variable */

  •   sani_uri[1024],     /\* Sanitized DEVICE_URI env var _/
    ppd[1024],      /_ PPD environment variable _/
    class_name[255],    /_ CLASS environment variable _/
    printer_name[255],  /_ PRINTER environment variable */
    

    @@ -1695,6 +1696,7 @@
    current->filetypes[current->current_file]->super,
    current->filetypes[current->current_file]->type);
    snprintf(device_uri, sizeof(device_uri), "DEVICE_URI=%s", printer->device_uri);

  • cupsdSanitizeURI(printer->device_uri, sani_uri, sizeof(sani_uri));
    snprintf(ppd, sizeof(ppd), "PPD=%s/ppd/%s.ppd", ServerRoot, printer->name);
    snprintf(printer_name, sizeof(printer_name), "PRINTER=%s", printer->name);
    snprintf(cache, sizeof(cache), "RIP_MAX_CACHE=%s", RIPCache);
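Review bot: The return value of `cupsdSanitizeURI()` is ignored on the added line, and that function returns NULL without writing to the buffer when its `uri` argument is NULL. `sani_uri` is a stack array with no initializer in the declaration hunk, so in that case the later debug log and `argv[0]` would read indeterminate stack contents; whether `printer->device_uri` can be NULL at this point is not visible here. A cheap guard is `if (!cupsdSanitizeURI(printer->device_uri, sani_uri, sizeof(sani_uri))) sani_uri[0] = '\0';`. The enclosing function starts and ends outside the hunk.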
    @@ -1803,7 +1805,10 @@
    envp[envc] = NULL;

for (i = 0; i < envc; i ++)

  • LogMessage(L_DEBUG, "StartJob: envp[%d]="%s"", i, envp[i]);

  • if (strncmp(envp[i], "DEVICE_URI=", 11))

  •  LogMessage(L_DEBUG, "StartJob: envp[%d]=\"%s\"", i, envp[i]);
    
  • else

  •  LogMessage(L_DEBUG, "StartJob: envp[%d]=\"DEVICE_URI=%s\"", i, sani_uri);
    

    current->current_file ++;

@@ -2013,7 +2018,7 @@
LogMessage(L_DEBUG, "StartJob: %s\n", processPath);
#endif /* APPLE */

  • argv[0] = printer->device_uri;
  • argv[0] = sani_uri;

filterfds[slot][0] = -1;
filterfds[slot][1] = open("/dev/null", O_WRONLY);
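Review bot: The assignment `argv[0] = sani_uri;` carries no comment saying why the sanitized copy is used, so a later cleanup could put `printer->device_uri` back and re-expose the credentials in the process list. I would add `/* argv[0] is visible in process listings; the full URI with auth info is passed only in DEVICE_URI */` directly above it. The enclosing function starts and ends outside the hunk.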

Index: printers.c

RCS file: /development/cvs/cups/scheduler/printers.c,v
retrieving revision 1.164
retrieving revision 1.165
diff -u -r1.164 -r1.165
--- printers.c 4 Oct 2004 19:40:35 -0000 1.164
+++ printers.c 4 Oct 2004 20:23:54 -0000 1.165
@@ -43,6 +43,7 @@

  • ValidateDest() - Validate a printer/class destination.
  • WritePrintcap() - Write a pseudo-printcap file for older
  •                        applications that need it...
    
  • * cupsdSanitizeURI() - Sanitize a device URI...
    • write_irix_config() - Update the config files used by the IRIX
    •                        desktop tools.
      
    • write_irix_state() - Update the status files used by IRIX printing
      @@ -1150,11 +1151,7 @@
      SetPrinterAttrs(printer_t p) / I - Printer to setup /
      {
      char uri[HTTP_MAX_URI]; /
      URI for printer */
  • char method[HTTP_MAX_URI], /* Method portion of URI */
  •   username[HTTP_MAX_URI], /\* Username portion of URI */
    
  •   host[HTTP_MAX_URI], /\* Host portion of URI */
    
  •   resource[HTTP_MAX_URI]; /\* Resource portion of URI */
    
  • int port; /* Port portion of URI */
  • char resource[HTTP_MAX_URI]; /* Resource portion of URI /
    int i; /
    Looping var /
    char filename[1024]; /
    Name of PPD file /
    int num_media; /
    Number of media options */
    @@ -1360,12 +1357,7 @@
    * http://..., ipp://..., etc.
    */
  •    httpSeparate(p->device_uri, method, username, host, &port, resource);
    
  • if (port)
  • snprintf(uri, sizeof(uri), "%s://%s:%d%s", method, host, port,
    
  •          resource);
    
  • else
  • snprintf(uri, sizeof(uri), "%s://%s%s", method, host, resource);
    
  •    cupsdSanitizeURI(p->device_uri, uri, sizeof(uri));
    
    }
    else
    {
    @@ -2175,6 +2167,74 @@
    }

+/*

  • * 'cupsdSanitizeURI()' - Sanitize a device URI...
  • /
    +
    +char * /
    O - New device URI /
    +cupsdSanitizeURI(const char *uri, /
    I - Original device URI */
  •             char       _buffer,   /_ O - New device URI */
    
  •             int        buflen)    /\* I - Size of new device URI buffer */
    
    +{
  • char start, / Start of data after scheme */
  • slash, / First slash after scheme:// */
  • ptr; / Pointer into user@host:port part */
  • /*
  • * Range check input...
  • */
  • if (!uri || !buffer || buflen < 2)
  • return (NULL);
  • /*
  • * Copy the device URI to the new buffer...
  • */
  • strlcpy(buffer, uri, buflen);
  • /*
  • * Find the end of the scheme:// part...
  • */
  • if ((ptr = strchr(buffer, ':')) == NULL)
  • return (buffer); /* No scheme: part... */
  • for (start = ptr + 1; *start; start ++)
  • if (*start != '/')
  •  break;
    
  • /*
  • * Find the next slash (/) in the URI...
  • */
  • if ((slash = strchr(start, '/')) == NULL)
  • slash = start + strlen(start); /* No slash, point to the end */
  • /*
  • * Check for an @ sign before the slash...
  • */
  • if ((ptr = strchr(start, '@')) != NULL && ptr < slash)
  • {
  • /*
  • * Found an @ sign and it is before the resource part, so we have
  • * an authentication string. Copy the remaining URI over the
  • * authentication string...
  • */
  • cups_strcpy(start, ptr + 1);
  • }
  • /*
  • * Return the new device URI...
  • */
  • return (buffer);
    +}

#ifdef __sgi
/*

  • 'write_irix_config()' - Update the config files used by the IRIX
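Review bot: In `cupsdSanitizeURI()` the userinfo is located with `strchr(start, '@')`, the first `@` before the first slash, so a URI whose password contains an unescaped `@` is cut only at that first `@` and the rest of the password stays in the returned string. This output now feeds `argv[0]`, the log messages and the URI built in the SetPrinterAttrs hunk, so the function should err towards stripping more. Scanning back from `slash` for the last `@` does that: `for (ptr = slash; ptr > start && ptr[-1] != '@'; ptr --);` followed by `if (ptr > start) cups_strcpy(start, ptr);`. An unescaped `/` inside the userinfo would still defeat the `ptr < slash` test, so the header comment should state that the userinfo is expected to be percent-encoded.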
    Index: printers.h

    RCS file: /development/cvs/cups/scheduler/printers.h,v
    retrieving revision 1.39
    retrieving revision 1.40
    diff -u -r1.39 -r1.40
    --- printers.h 23 Aug 2004 18:00:59 -0000 1.39
    +++ printers.h 4 Oct 2004 20:23:54 -0000 1.40
    @@ -126,7 +126,10 @@
    cups_ptype_t *dtype);
    extern void WritePrintcap(void);

+extern char *cupsdSanitizeURI(const char *uri, char *buffer,

  •                         int buflen);
    

    /*

    • End of "$Id: printers.h,v 1.39 2004/08/23 18:00:59 mike Exp $".
      */
      */

michaelrsweet added this to the Stable milestone Mar 17, 2016
