Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12-SP2:GA
cups.29092
cups-branch-2.2-commit-97cb566568a8c3a9c07c7cce...
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File cups-branch-2.2-commit-97cb566568a8c3a9c07c7ccec09f28f5c5015954-for-cups-1.7.5-stripped.diff of Package cups.29092
--- scheduler/conf.c.orig 2014-06-16 18:13:06.000000000 +0200 +++ scheduler/conf.c 2018-06-19 15:55:09.000000000 +0200 @@ -2844,13 +2844,10 @@ read_cupsd_conf(cups_file_t *fp) /* I - /* Line from file */ temp[HTTP_MAX_BUFFER], /* Temporary buffer for value */ - *value, /* Pointer to value */ - *valueptr; /* Pointer into value */ + *value; /* Pointer to value */ int valuelen; /* Length of value */ http_addrlist_t *addrlist, /* Address list */ *addr; /* Current address */ - cups_file_t *incfile; /* Include file */ - char incname[1024]; /* Include filename */ /* @@ -2865,28 +2862,7 @@ read_cupsd_conf(cups_file_t *fp) /* I - * Decode the directive... */ - if (!_cups_strcasecmp(line, "Include") && value) - { - /* - * Include filename - */ - - if (value[0] == '/') - strlcpy(incname, value, sizeof(incname)); - else - snprintf(incname, sizeof(incname), "%s/%s", ServerRoot, value); - - if ((incfile = cupsFileOpen(incname, "rb")) == NULL) - cupsdLogMessage(CUPSD_LOG_ERROR, - "Unable to include config file \"%s\" - %s", - incname, strerror(errno)); - else - { - read_cupsd_conf(incfile); - cupsFileClose(incfile); - } - } - else if (!_cups_strcasecmp(line, "<Location") && value) + if (!_cups_strcasecmp(line, "<Location") && value) { /* * <Location path> @@ -3211,31 +3187,6 @@ read_cupsd_conf(cups_file_t *fp) /* I - cupsdLogMessage(CUPSD_LOG_WARN, "Unknown ServerTokens %s on line %d.", value, linenum); } - else if (!_cups_strcasecmp(line, "PassEnv") && value) - { - /* - * PassEnv variable [... variable] - */ - - for (; *value;) - { - for (valuelen = 0; value[valuelen]; valuelen ++) - if (_cups_isspace(value[valuelen]) || value[valuelen] == ',') - break; - - if (value[valuelen]) - { - value[valuelen] = '\0'; - valuelen ++; - } - - cupsdSetEnv(value, NULL); - - for (value += valuelen; *value; value ++) - if (!_cups_isspace(*value) || *value != ',') - break; - } - } else if (!_cups_strcasecmp(line, "ServerAlias") && value) { /* @@ -3264,30 +3215,6 @@ read_cupsd_conf(cups_file_t *fp) /* I - break; } } - else if (!_cups_strcasecmp(line, "SetEnv") && value) - { - /* - * SetEnv variable value - */ - - for (valueptr = value; *valueptr && !isspace(*valueptr & 255); valueptr ++); - - if (*valueptr) - { - /* - * Found a value... - */ - - while (isspace(*valueptr & 255)) - *valueptr++ = '\0'; - - cupsdSetEnv(value, valueptr); - } - else - cupsdLogMessage(CUPSD_LOG_ERROR, - "Missing value for SetEnv directive on line %d.", - linenum); - } #ifdef HAVE_SSL else if (!_cups_strcasecmp(line, "SSLOptions")) { @@ -3318,6 +3245,7 @@ read_cupsd_conf(cups_file_t *fp) /* I - !_cups_strcasecmp(line, "LogFilePerm") || !_cups_strcasecmp(line, "LPDConfigFile") || !_cups_strcasecmp(line, "PageLog") || + !_cups_strcasecmp(line, "PassEnv") || !_cups_strcasecmp(line, "Printcap") || !_cups_strcasecmp(line, "PrintcapFormat") || !_cups_strcasecmp(line, "RemoteRoot") || @@ -3326,6 +3254,7 @@ read_cupsd_conf(cups_file_t *fp) /* I - !_cups_strcasecmp(line, "ServerCertificate") || !_cups_strcasecmp(line, "ServerKey") || !_cups_strcasecmp(line, "ServerRoot") || + !_cups_strcasecmp(line, "SetEnv") || !_cups_strcasecmp(line, "SMBConfigFile") || !_cups_strcasecmp(line, "StateDir") || !_cups_strcasecmp(line, "SystemGroup") || @@ -3355,10 +3284,49 @@ read_cupsd_conf(cups_file_t *fp) /* I - static int /* O - 1 on success, 0 on failure */ read_cups_files_conf(cups_file_t *fp) /* I - File to read from */ { - int linenum; /* Current line number */ + int i, /* Looping var */ + linenum; /* Current line number */ char line[HTTP_MAX_BUFFER], /* Line from file */ *value; /* Value from line */ struct group *group; /* Group */ + static const char * const prohibited_env[] = + { /* Prohibited environment variables */ + "APPLE_LANGUAGE", + "AUTH_DOMAIN", + "AUTH_INFO_REQUIRED", + "AUTH_NEGOTIATE", + "AUTH_PASSWORD", + "AUTH_UID", + "AUTH_USERNAME", + "CHARSET", + "CLASS", + "CLASSIFICATION", + "CONTENT_TYPE", + "CUPS_CACHEDIR", + "CUPS_DATADIR", + "CUPS_DOCROOT", + "CUPS_FILETYPE", + "CUPS_FONTPATH", + "CUPS_MAX_MESSAGE", + "CUPS_REQUESTROOT", + "CUPS_SERVERBIN", + "CUPS_SERVERROOT", + "CUPS_STATEDIR", + "DEVICE_URI", + "FINAL_CONTENT_TYPE", + "HOME", + "LANG", + "PPD", + "PRINTER", + "PRINTER_INFO", + "PRINTER_LOCATION", + "PRINTER_STATE_REASONS", + "RIP_CACHE", + "SERVER_ADMIN", + "SOFTWARE", + "TMPDIR", + "USER" + }; /* @@ -3396,6 +3364,47 @@ read_cups_files_conf(cups_file_t *fp) /* } } } + else if (!_cups_strcasecmp(line, "PassEnv") && value) + { + /* + * PassEnv variable [... variable] + */ + + int valuelen; /* Length of variable name */ + + for (; *value;) + { + for (valuelen = 0; value[valuelen]; valuelen ++) + if (_cups_isspace(value[valuelen]) || value[valuelen] == ',') + break; + + if (value[valuelen]) + { + value[valuelen] = '\0'; + valuelen ++; + } + + for (i = 0; i < (int)(sizeof(prohibited_env) / sizeof(prohibited_env[0])); i ++) + { + if (!strcmp(value, prohibited_env[i])) + { + cupsdLogMessage(CUPSD_LOG_ERROR, "Environment variable \"%s\" cannot be passed through on line %d of %s.", value, linenum, CupsFilesFile); + + if (FatalErrors & CUPSD_FATAL_CONFIG) + return (0); + else + break; + } + } + + if (i >= (int)(sizeof(prohibited_env) / sizeof(prohibited_env[0]))) + cupsdSetEnv(value, NULL); + + for (value += valuelen; *value; value ++) + if (!_cups_isspace(*value) || *value != ',') + break; + } + } else if (!_cups_strcasecmp(line, "PrintcapFormat") && value) { /* @@ -3417,6 +3426,46 @@ read_cups_files_conf(cups_file_t *fp) /* return (0); } } + else if (!_cups_strcasecmp(line, "SetEnv") && value) + { + /* + * SetEnv variable value + */ + + char *valueptr; /* Pointer to environment variable value */ + + for (valueptr = value; *valueptr && !isspace(*valueptr & 255); valueptr ++); + + if (*valueptr) + { + /* + * Found a value... + */ + + while (isspace(*valueptr & 255)) + *valueptr++ = '\0'; + + for (i = 0; i < (int)(sizeof(prohibited_env) / sizeof(prohibited_env[0])); i ++) + { + if (!strcmp(value, prohibited_env[i])) + { + cupsdLogMessage(CUPSD_LOG_ERROR, "Environment variable \"%s\" cannot be set on line %d of %s.", value, linenum, CupsFilesFile); + + if (FatalErrors & CUPSD_FATAL_CONFIG) + return (0); + else + break; + } + } + + if (i >= (int)(sizeof(prohibited_env) / sizeof(prohibited_env[0]))) + cupsdSetEnv(value, valueptr); + } + else + cupsdLogMessage(CUPSD_LOG_ERROR, + "Missing value for SetEnv directive on line %d of %s.", + linenum, ConfigurationFile); + } else if (!_cups_strcasecmp(line, "SystemGroup") && value) { /* --- scheduler/job.c.orig 2013-11-08 16:18:01.000000000 +0100 +++ scheduler/job.c 2018-06-19 16:05:25.000000000 +0200 @@ -4494,6 +4494,18 @@ start_job(cupsd_job_t *job, /* I - job->status = 0; job->profile = cupsdCreateProfile(job->id); +#ifdef HAVE_SANDBOX_H + if (!job->profile) + { + /* + * Failure to create the sandbox profile means something really bad has + * happened and we need to shutdown immediately. + */ + + return; + } +#endif /* HAVE_SANDBOX_H */ + /* * Create the status pipes and buffer... */ --- scheduler/process.c.orig 2013-05-29 13:51:34.000000000 +0200 +++ scheduler/process.c 2018-06-19 16:11:38.000000000 +0200 @@ -94,10 +94,15 @@ cupsdCreateProfile(int job_id) /* I - J if ((fp = cupsTempFile2(profile, sizeof(profile))) == NULL) { + /* + * This should never happen, and is fatal when sandboxing is enabled. + */ + cupsdLogMessage(CUPSD_LOG_DEBUG2, "cupsdCreateProfile(job_id=%d) = NULL", job_id); cupsdLogMessage(CUPSD_LOG_ERROR, "Unable to create security profile: %s", strerror(errno)); + kill(getpid(), SIGTERM); return (NULL); } --- scheduler/server.c.orig 2013-05-29 13:51:34.000000000 +0200 +++ scheduler/server.c 2018-06-19 16:13:48.000000000 +0200 @@ -45,16 +45,28 @@ void cupsdStartServer(void) { /* - * Start color management (as needed)... + * Create the default security profile... */ - cupsdStartColor(); + DefaultProfile = cupsdCreateProfile(0); + +#ifdef HAVE_SANDBOX_H + if (!DefaultProfile) + { + /* + * Failure to create the sandbox profile means something really bad has + * happened and we need to shutdown immediately. + */ + + return; + } +#endif /* HAVE_SANDBOX_H */ /* - * Create the default security profile... + * Start color management (as needed)... */ - DefaultProfile = cupsdCreateProfile(0); + cupsdStartColor(); /* * Startup all the networking stuff...
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor