File cups-filters-1.25.0-0003-beh-backend-Further-im... of Package cups-filters.33564

Overview Repositories Revisions Requests Users Attributes Meta

File cups-filters-1.25.0-0003-beh-backend-Further-improvements-CVE-2023-24805.patch of Package cups-filters.33564

--- backend/beh.c.patched.0002-beh-backend-Extra-checks-against-odd-forged-input-CV	2023-05-15 16:32:17.990249265 +0200
+++ backend/beh.c	2023-05-15 16:44:07.347708805 +0200
@@ -28,7 +28,7 @@
  * Local globals...
  */
 
-static int		job_canceled = 0; /* Set to 1 on SIGTERM */
+static volatile int	job_canceled = 0; /* Set to 1 on SIGTERM */
 
 /*
  * Local functions...
@@ -229,9 +229,7 @@ call_backend(char *uri,
   */
 
   scheme[0] = '\0';
-  strncpy(scheme, uri, sizeof(scheme));
-  if (strlen(uri) > sizeof(scheme) - 1)
-    scheme[sizeof(scheme) - 1] = '\0';
+  strncat(scheme, uri, sizeof(scheme) - 1);
   if ((ptr = strchr(scheme, ':')) != NULL)
     *ptr = '\0';
   else
@@ -246,7 +244,13 @@ call_backend(char *uri,
 	    "ERROR: beh: Invalid URI, scheme contains a slash ('/').\n");
     exit (CUPS_BACKEND_FAILED);
   }
-
+  if (!strcmp(scheme, ".") || !strcmp(scheme, ".."))
+  {
+    fprintf(stderr,
+	    "ERROR: beh: Invalid URI, scheme (\"%s\") is a directory.\n",
+	    scheme);
+    exit (CUPS_BACKEND_FAILED);
+  }
   if ((cups_serverbin = getenv("CUPS_SERVERBIN")) == NULL)
     cups_serverbin = CUPS_SERVERBIN;
 
@@ -330,8 +334,10 @@ static void
 sigterm_handler(int sig) {		/* I - Signal number (unused) */
   (void)sig;
 
-  fprintf(stderr,
-	  "DEBUG: beh: Job canceled.\n");
+  const char * const msg = "DEBUG: beh: Job canceled.\n";
+  // The if() is to eliminate the return value and silence the warning
+  // about an unused return value.
+  if (write(2, msg, strlen(msg)));
 
   if (job_canceled)
     _exit(CUPS_BACKEND_OK);

Places

File cups-filters-1.25.0-0003-beh-backend-Further-improvements-CVE-2023-24805.patch of Package cups-filters.33564

Places