Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12-SP2:GA
cups.29092
cups-1.7.5-CVE-2019-8675.CVE-2019-8696.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File cups-1.7.5-CVE-2019-8675.CVE-2019-8696.patch of Package cups.29092
--- cups/http.c.orig 2014-03-28 14:04:33.000000000 +0100 +++ cups/http.c 2019-11-13 16:21:39.000000000 +0100 @@ -1960,7 +1960,7 @@ httpPrintf(http_t *http, /* I - Con ...) /* I - Additional args as needed */ { int bytes; /* Number of bytes to write */ - char buf[16384]; /* Buffer for formatted string */ + char buf[65536]; /* Buffer for formatted string */ va_list ap; /* Variable argument pointer */ @@ -1972,7 +1972,12 @@ httpPrintf(http_t *http, /* I - Con DEBUG_printf(("3httpPrintf: (%d bytes) %s", bytes, buf)); - if (http->data_encoding == HTTP_ENCODING_FIELDS) + if (bytes > (ssize_t)(sizeof(buf) - 1)) + { + http->error = ENOMEM; + return (-1); + } + else if (http->data_encoding == HTTP_ENCODING_FIELDS) return (httpWrite2(http, buf, bytes)); else { --- cups/ipp.c.orig 2014-05-09 01:10:47.000000000 +0200 +++ cups/ipp.c 2019-11-13 16:25:43.000000000 +0100 @@ -4659,9 +4659,7 @@ ippSetValueTag( break; case IPP_TAG_NAME : - if (temp_tag != IPP_TAG_KEYWORD && temp_tag != IPP_TAG_URI && - temp_tag != IPP_TAG_URISCHEME && temp_tag != IPP_TAG_LANGUAGE && - temp_tag != IPP_TAG_MIMETYPE) + if (temp_tag != IPP_TAG_KEYWORD) return (0); (*attr)->value_tag = (ipp_tag_t)(IPP_TAG_NAME | ((*attr)->value_tag & IPP_TAG_CUPS_CONST)); @@ -4669,10 +4667,7 @@ ippSetValueTag( case IPP_TAG_NAMELANG : case IPP_TAG_TEXTLANG : - if (value_tag == IPP_TAG_NAMELANG && - (temp_tag != IPP_TAG_NAME && temp_tag != IPP_TAG_KEYWORD && - temp_tag != IPP_TAG_URI && temp_tag != IPP_TAG_URISCHEME && - temp_tag != IPP_TAG_LANGUAGE && temp_tag != IPP_TAG_MIMETYPE)) + if (value_tag == IPP_TAG_NAMELANG && (temp_tag != IPP_TAG_NAME && temp_tag != IPP_TAG_KEYWORD)) return (0); if (value_tag == IPP_TAG_TEXTLANG && temp_tag != IPP_TAG_TEXT) --- cups/snmp.c.orig 2013-02-04 20:27:13.000000000 +0100 +++ cups/snmp.c 2019-11-13 16:32:00.000000000 +0100 @@ -1275,6 +1275,9 @@ asn1_get_integer( int value; /* Integer value */ + if (*buffer >= bufend) + return (0); + if (length > sizeof(int)) { (*buffer) += length; @@ -1301,6 +1304,9 @@ asn1_get_length(unsigned char **buffer, unsigned length; /* Length */ + if (*buffer >= bufend) + return (0); + length = **buffer; (*buffer) ++; @@ -1343,6 +1349,9 @@ asn1_get_oid( int number; /* OID number */ + if (*buffer >= bufend) + return (0); + valend = *buffer + length; oidptr = oid; oidend = oid + oidsize - 1; @@ -1391,9 +1400,12 @@ asn1_get_packed( int value; /* Value */ + if (*buffer >= bufend) + return (0); + value = 0; - while ((**buffer & 128) && *buffer < bufend) + while (*buffer < bufend && (**buffer & 128)) { value = (value << 7) | (**buffer & 127); (*buffer) ++; @@ -1421,6 +1433,9 @@ asn1_get_string( char *string, /* I - String buffer */ int strsize) /* I - String buffer size */ { + if (*buffer >= bufend) + return (NULL); + if (length > (bufend - *buffer)) length = bufend - *buffer; @@ -1471,6 +1486,9 @@ asn1_get_type(unsigned char **buffer, /* int type; /* Type */ + if (*buffer >= bufend) + return (0); + type = **buffer; (*buffer) ++;
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor