File cups-1.3.9-CVE-2010-0393.patch of Package cups

Overview Repositories Revisions Requests Users Attributes Meta

File cups-1.3.9-CVE-2010-0393.patch of Package cups

--- cups/globals.c.orig	2007-07-11 23:46:42.000000000 +0200
+++ cups/globals.c	2010-02-02 14:13:01.000000000 +0100
@@ -39,20 +39,44 @@
 static void
 cups_env_init(_cups_globals_t *g)	/* I - Global data */
 {
-  if ((g->cups_datadir = getenv("CUPS_DATADIR")) == NULL)
-    g->cups_datadir = CUPS_DATADIR;
+#ifdef HAVE_GETEUID
+  if ((geteuid() != getuid() && getuid()) || getegid() != getgid())
+#else
+  if (!getuid())
+#endif /* HAVE_GETEUID */
+  {
+   /*
+    * When running setuid/setgid, don't allow environment variables to override
+    * the directories...
+    */
 
-  if ((g->cups_serverbin = getenv("CUPS_SERVERBIN")) == NULL)
-    g->cups_serverbin = CUPS_SERVERBIN;
-
-  if ((g->cups_serverroot = getenv("CUPS_SERVERROOT")) == NULL)
+    g->cups_datadir    = CUPS_DATADIR;
+    g->cups_serverbin  = CUPS_SERVERBIN;
     g->cups_serverroot = CUPS_SERVERROOT;
-
-  if ((g->cups_statedir = getenv("CUPS_STATEDIR")) == NULL)
-    g->cups_statedir = CUPS_STATEDIR;
-
-  if ((g->localedir = getenv("LOCALEDIR")) == NULL)
-    g->localedir = CUPS_LOCALEDIR;
+    g->cups_statedir   = CUPS_STATEDIR;
+    g->localedir       = CUPS_LOCALEDIR;
+  }
+  else
+  {
+   /*
+    * Allow directories to be overridden by environment variables.
+    */
+
+    if ((g->cups_datadir = getenv("CUPS_DATADIR")) == NULL)
+      g->cups_datadir = CUPS_DATADIR;
+
+    if ((g->cups_serverbin = getenv("CUPS_SERVERBIN")) == NULL)
+      g->cups_serverbin = CUPS_SERVERBIN;
+
+    if ((g->cups_serverroot = getenv("CUPS_SERVERROOT")) == NULL)
+      g->cups_serverroot = CUPS_SERVERROOT;
+
+    if ((g->cups_statedir = getenv("CUPS_STATEDIR")) == NULL)
+      g->cups_statedir = CUPS_STATEDIR;
+
+    if ((g->localedir = getenv("LOCALEDIR")) == NULL)
+      g->localedir = CUPS_LOCALEDIR;
+  }
 }
 
 
--- systemv/lppasswd.c.orig	2008-07-12 00:48:49.000000000 +0200
+++ systemv/lppasswd.c	2010-02-02 14:29:10.000000000 +0100
@@ -31,9 +31,7 @@
 #include <sys/types.h>
 #include <sys/stat.h>
 
-#include <cups/string.h>
-#include <cups/cups.h>
-#include <cups/i18n.h>
+#include <cups/globals.h>
 #include <cups/md5.h>
 
 #ifndef WIN32
@@ -79,7 +77,6 @@ main(int  argc,				/* I - Number of comm
 		groupline[17],		/* Group from line */
 		md5line[33],		/* MD5-sum from line */
 		md5new[33];		/* New MD5 sum */
-  const char	*root;			/* CUPS server root directory */
   char		passwdmd5[1024],	/* passwd.md5 file */
 		passwdold[1024],	/* passwd.old file */
 		passwdnew[1024];	/* passwd.tmp file */
@@ -88,6 +85,7 @@ main(int  argc,				/* I - Number of comm
   int		flag;			/* Password check flags... */
   int		fd;			/* Password file descriptor */
   int		error;			/* Write error */
+  _cups_globals_t *cg = _cupsGlobals();	/* Global data */
 #if defined(HAVE_SIGACTION) && !defined(HAVE_SIGSET)
   struct sigaction action;		/* Signal action */
 #endif /* HAVE_SIGACTION && !HAVE_SIGSET*/
@@ -113,18 +111,11 @@ main(int  argc,				/* I - Number of comm
 
  /*
   * Find the server directory...
-  *
-  * We use the CUPS_SERVERROOT environment variable when we are running
-  * as root or when lppasswd is not setuid...
   */
 
-  if ((root = getenv("CUPS_SERVERROOT")) == NULL ||
-      (getuid() != geteuid() && getuid()))
-    root = CUPS_SERVERROOT;
-
-  snprintf(passwdmd5, sizeof(passwdmd5), "%s/passwd.md5", root);
-  snprintf(passwdold, sizeof(passwdold), "%s/passwd.old", root);
-  snprintf(passwdnew, sizeof(passwdnew), "%s/passwd.new", root);
+  snprintf(passwdmd5, sizeof(passwdmd5), "%s/passwd.md5", cg->cups_serverroot);
+  snprintf(passwdold, sizeof(passwdold), "%s/passwd.old", cg->cups_serverroot);
+  snprintf(passwdnew, sizeof(passwdnew), "%s/passwd.new", cg->cups_serverroot);
 
  /*
   * Find the default system group...
@@ -179,7 +170,11 @@ main(int  argc,				/* I - Number of comm
   * as root...
   */
 
-  if (getuid() && getuid() != geteuid() && (op != CHANGE || username))
+#ifdef HAVE_GETEUID
+  if (getuid() && (op != CHANGE || username) && (geteuid() != getuid() || getegid() != getgid()))
+#else
+  if (getuid() && (op != CHANGE || username))
+#endif /* HAVE_GETEUID */
   {
     _cupsLangPuts(stderr,
                   _("lppasswd: Only root can add or delete passwords!\n"));

Places

File cups-1.3.9-CVE-2010-0393.patch of Package cups

Places