Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
openSUSE:Evergreen:11.2:Test
cups
cups-1.3.11-CVE-2009-2820.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File cups-1.3.11-CVE-2009-2820.patch of Package cups
diff -upr cups-1.3.11.orig/cgi-bin/admin.c cups-1.3.11/cgi-bin/admin.c --- cups-1.3.11.orig/cgi-bin/admin.c 2009-06-18 23:42:45.000000000 +0200 +++ cups-1.3.11/cgi-bin/admin.c 2009-10-21 11:43:02.000000000 +0200 @@ -104,6 +104,7 @@ main(int argc, /* I - Number of comm */ cgiSetVariable("SECTION", "admin"); + cgiSetVariable("REFRESH_PAGE", ""); /* * See if we have form data... @@ -134,16 +135,61 @@ main(int argc, /* I - Number of comm if (getenv("HTTPS")) - snprintf(prefix, sizeof(prefix), "https://%s:%s", - getenv("SERVER_NAME"), getenv("SERVER_PORT")); + snprintf(prefix, sizeof(prefix), "https://%s:%s", + getenv("SERVER_NAME"), getenv("SERVER_PORT")); else - snprintf(prefix, sizeof(prefix), "http://%s:%s", - getenv("SERVER_NAME"), getenv("SERVER_PORT")); + snprintf(prefix, sizeof(prefix), "http://%s:%s", + getenv("SERVER_NAME"), getenv("SERVER_PORT")); + + fprintf(stderr, "DEBUG: redirecting with prefix %s!\n", prefix); if ((url = cgiGetVariable("URL")) != NULL) - printf("Location: %s%s\n\n", prefix, url); + { + char encoded[1024], /* Encoded URL string */ + *ptr; /* Pointer into encoded string */ + + + ptr = encoded; + if (*url != '/') + *ptr++ = '/'; + + for (; *url && ptr < (encoded + sizeof(encoded) - 4); url ++) + { + if (strchr("%@&+ <>#=", *url) || *url < ' ' || *url & 128) + { + /* + * Percent-encode this character; safe because we have at least 4 + * bytes left in the array... + */ + + sprintf(ptr, "%%%02X", *url & 255); + ptr += 3; + } + else + *ptr++ = *url; + } + + *ptr = '\0'; + + if (*url) + { + /* + * URL was too long, just redirect to the admin page... + */ + + printf("Location: %s/admin\n\n", prefix); + } + else + { + /* + * URL is OK, redirect there... + */ + + printf("Location: %s%s\n\n", prefix, encoded); + } + } else - printf("Location: %s/admin\n\n", prefix); + printf("Location: %s/admin\n\n", prefix); } else if (!strcmp(op, "start-printer")) do_printer_op(http, IPP_RESUME_PRINTER, cgiText(_("Start Printer"))); @@ -293,6 +339,31 @@ do_add_rss_subscription(http_t *http) /* * and classes and (re)show the add page... */ + if (cgiGetVariable("EVENT_JOB_CREATED")) + cgiSetVariable("EVENT_JOB_CREATED", "CHECKED"); + if (cgiGetVariable("EVENT_JOB_COMPLETED")) + cgiSetVariable("EVENT_JOB_COMPLETED", "CHECKED"); + if (cgiGetVariable("EVENT_JOB_STOPPED")) + cgiSetVariable("EVENT_JOB_STOPPED", "CHECKED"); + if (cgiGetVariable("EVENT_JOB_CONFIG_CHANGED")) + cgiSetVariable("EVENT_JOB_CONFIG_CHANGED", "CHECKED"); + if (cgiGetVariable("EVENT_PRINTER_STOPPED")) + cgiSetVariable("EVENT_PRINTER_STOPPED", "CHECKED"); + if (cgiGetVariable("EVENT_PRINTER_ADDED")) + cgiSetVariable("EVENT_PRINTER_ADDED", "CHECKED"); + if (cgiGetVariable("EVENT_PRINTER_MODIFIED")) + cgiSetVariable("EVENT_PRINTER_MODIFIED", "CHECKED"); + if (cgiGetVariable("EVENT_PRINTER_DELETED")) + cgiSetVariable("EVENT_PRINTER_DELETED", "CHECKED"); + if (cgiGetVariable("EVENT_SERVER_STARTED")) + cgiSetVariable("EVENT_SERVER_STARTED", "CHECKED"); + if (cgiGetVariable("EVENT_SERVER_STOPPED")) + cgiSetVariable("EVENT_SERVER_STOPPED", "CHECKED"); + if (cgiGetVariable("EVENT_SERVER_RESTARTED")) + cgiSetVariable("EVENT_SERVER_RESTARTED", "CHECKED"); + if (cgiGetVariable("EVENT_SERVER_AUDIT")) + cgiSetVariable("EVENT_SERVER_AUDIT", "CHECKED"); + request = ippNewRequest(CUPS_GET_PRINTERS); response = cupsDoRequest(http, request, "/"); @@ -450,6 +521,10 @@ do_am_class(http_t *http, /* I - HTTP c * Do the request and get back a response... */ + cgiClearVariables(); + if (name) + cgiSetVariable("PRINTER_NAME", name); + if ((response = cupsDoRequest(http, request, "/")) != NULL) { /* @@ -2336,7 +2411,9 @@ do_menu(http_t *http) /* I - HTTP conn if ((val = cupsGetOption("DefaultAuthType", num_settings, settings)) != NULL && !strcasecmp(val, "Negotiate")) cgiSetVariable("KERBEROS", "CHECKED"); + else #endif /* HAVE_GSSAPI */ + cgiSetVariable("KERBEROS", ""); cupsFreeOptions(num_settings, settings); diff -upr cups-1.3.11.orig/cgi-bin/cgi.h cups-1.3.11/cgi-bin/cgi.h --- cups-1.3.11.orig/cgi-bin/cgi.h 2008-07-12 00:48:49.000000000 +0200 +++ cups-1.3.11/cgi-bin/cgi.h 2009-10-21 11:42:42.000000000 +0200 @@ -54,6 +54,7 @@ typedef struct cgi_file_s /**** Uploade extern void cgiAbort(const char *title, const char *stylesheet, const char *format, ...); extern int cgiCheckVariables(const char *names); +extern void cgiClearVariables(void); extern void *cgiCompileSearch(const char *query); extern void cgiCopyTemplateFile(FILE *out, const char *tmpl); extern void cgiCopyTemplateLang(const char *tmpl); diff -upr cups-1.3.11.orig/cgi-bin/classes.c cups-1.3.11/cgi-bin/classes.c --- cups-1.3.11.orig/cgi-bin/classes.c 2008-07-12 00:48:49.000000000 +0200 +++ cups-1.3.11/cgi-bin/classes.c 2009-10-21 11:43:16.000000000 +0200 @@ -69,6 +69,7 @@ main(int argc, /* I - Number of comm */ cgiSetVariable("SECTION", "classes"); + cgiSetVariable("REFRESH_PAGE", ""); /* * See if we are displaying a printer or all classes... diff -upr cups-1.3.11.orig/cgi-bin/help.c cups-1.3.11/cgi-bin/help.c --- cups-1.3.11.orig/cgi-bin/help.c 2008-07-12 00:48:49.000000000 +0200 +++ cups-1.3.11/cgi-bin/help.c 2009-10-21 11:43:06.000000000 +0200 @@ -63,6 +63,7 @@ main(int argc, /* I - Number of comm */ cgiSetVariable("SECTION", "help"); + cgiSetVariable("REFRESH_PAGE", ""); /* * Load the help index... @@ -102,7 +103,7 @@ main(int argc, /* I - Number of comm */ for (i = 0; i < argc; i ++) - fprintf(stderr, "argv[%d]=\"%s\"\n", i, argv[i]); + fprintf(stderr, "DEBUG: argv[%d]=\"%s\"\n", i, argv[i]); if ((helpfile = getenv("PATH_INFO")) != NULL) { @@ -179,6 +180,12 @@ main(int argc, /* I - Number of comm topic = cgiGetVariable("TOPIC"); si = helpSearchIndex(hi, query, topic, helpfile); + cgiClearVariables(); + if (query) + cgiSetVariable("QUERY", query); + if (topic) + cgiSetVariable("TOPIC", topic); + fprintf(stderr, "DEBUG: query=\"%s\", topic=\"%s\"\n", query ? query : "(null)", topic ? topic : "(null)"); diff -upr cups-1.3.11.orig/cgi-bin/ipp-var.c cups-1.3.11/cgi-bin/ipp-var.c --- cups-1.3.11.orig/cgi-bin/ipp-var.c 2009-03-05 19:44:14.000000000 +0100 +++ cups-1.3.11/cgi-bin/ipp-var.c 2009-10-21 11:42:57.000000000 +0200 @@ -1220,7 +1220,9 @@ cgiShowJobs(http_t *http, /* I - Co int ascending, /* Order of jobs (0 = descending) */ first, /* First job to show */ count; /* Number of jobs */ - const char *var; /* Form variable */ + const char *var, /* Form variable */ + *query, /* Query string */ + *section; /* Section in web interface */ void *search; /* Search data */ char url[1024], /* URL for prev/next/this */ *urlptr, /* Position in URL */ @@ -1265,10 +1267,13 @@ cgiShowJobs(http_t *http, /* I - Co * Get a list of matching job objects. */ - if ((var = cgiGetVariable("QUERY")) != NULL) - search = cgiCompileSearch(var); + if ((query = cgiGetVariable("QUERY")) != NULL) + search = cgiCompileSearch(query); else + { + query = NULL; search = NULL; + } jobs = cgiGetIPPObjects(response, search); count = cupsArrayCount(jobs); @@ -1293,16 +1298,27 @@ cgiShowJobs(http_t *http, /* I - Co if (first < 0) first = 0; - sprintf(url, "%d", count); - cgiSetVariable("TOTAL", url); - if ((var = cgiGetVariable("ORDER")) != NULL) ascending = !strcasecmp(var, "asc"); else - { ascending = !which_jobs || !strcasecmp(which_jobs, "not-completed"); - cgiSetVariable("ORDER", ascending ? "asc" : "dec"); - } + + section = cgiGetVariable("SECTION"); + + cgiClearVariables(); + + if (query) + cgiSetVariable("QUERY", query); + + cgiSetVariable("ORDER", ascending ? "asc" : "dec"); + + cgiSetVariable("SECTION", section); + + sprintf(url, "%d", count); + cgiSetVariable("TOTAL", url); + + if (which_jobs) + cgiSetVariable("WHICH_JOBS", which_jobs); if (ascending) { @@ -1325,11 +1341,10 @@ cgiShowJobs(http_t *http, /* I - Co urlend = url + sizeof(url); - if ((var = cgiGetVariable("QUERY")) != NULL) + if (query != NULL) { if (dest) - snprintf(url, sizeof(url), "/%s/%s?QUERY=", cgiGetVariable("SECTION"), - dest); + snprintf(url, sizeof(url), "/%s/%s?QUERY=", section, dest); else strlcpy(url, "/jobs/?QUERY=", sizeof(url)); @@ -1344,7 +1359,7 @@ cgiShowJobs(http_t *http, /* I - Co else { if (dest) - snprintf(url, sizeof(url), "/%s/%s?", cgiGetVariable("SECTION"), dest); + snprintf(url, sizeof(url), "/%s/%s?", section, dest); else strlcpy(url, "/jobs/?", sizeof(url)); diff -upr cups-1.3.11.orig/cgi-bin/jobs.c cups-1.3.11/cgi-bin/jobs.c --- cups-1.3.11.orig/cgi-bin/jobs.c 2008-07-12 00:48:49.000000000 +0200 +++ cups-1.3.11/cgi-bin/jobs.c 2009-10-21 11:43:13.000000000 +0200 @@ -57,6 +57,7 @@ main(int argc, /* I - Number of comm */ cgiSetVariable("SECTION", "jobs"); + cgiSetVariable("REFRESH_PAGE", ""); /* * Connect to the HTTP server... diff -upr cups-1.3.11.orig/cgi-bin/printers.c cups-1.3.11/cgi-bin/printers.c --- cups-1.3.11.orig/cgi-bin/printers.c 2008-07-12 00:48:49.000000000 +0200 +++ cups-1.3.11/cgi-bin/printers.c 2009-10-21 11:42:30.000000000 +0200 @@ -72,6 +72,7 @@ main(int argc, /* I - Number of comm */ cgiSetVariable("SECTION", "printers"); + cgiSetVariable("REFRESH_PAGE", ""); /* * See if we are displaying a printer or all printers... diff -upr cups-1.3.11.orig/cgi-bin/template.c cups-1.3.11/cgi-bin/template.c --- cups-1.3.11.orig/cgi-bin/template.c 2008-07-12 00:48:49.000000000 +0200 +++ cups-1.3.11/cgi-bin/template.c 2009-10-21 11:42:50.000000000 +0200 @@ -639,6 +639,8 @@ cgi_puts(const char *s, /* I - String fputs(">", out); else if (*s == '\"') fputs(""", out); + else if (*s == '\'') + fputs("'", out); else if (*s == '&') fputs("&", out); else @@ -659,7 +661,7 @@ cgi_puturi(const char *s, /* I - String { while (*s) { - if (strchr("%&+ <>#=", *s) || *s & 128) + if (strchr("%@&+ <>#=", *s) || *s < ' ' || *s & 128) fprintf(out, "%%%02X", *s & 255); else putc(*s, out); diff -upr cups-1.3.11.orig/cgi-bin/var.c cups-1.3.11/cgi-bin/var.c --- cups-1.3.11.orig/cgi-bin/var.c 2009-05-08 06:56:54.000000000 +0200 +++ cups-1.3.11/cgi-bin/var.c 2009-10-21 11:43:09.000000000 +0200 @@ -15,6 +15,7 @@ * Contents: * * cgiCheckVariables() - Check for the presence of "required" variables. + * cgiClearVariables() - Clear all form variables. * cgiGetArray() - Get an element from a form array... * cgiGetFile() - Get the file (if any) that was submitted in the form. * cgiGetSize() - Get the size of a form array value. @@ -135,6 +136,31 @@ cgiCheckVariables(const char *names) /* /* + * 'cgiClearVariables()' - Clear all form variables. + */ + +void +cgiClearVariables(void) +{ + int i, j; /* Looping vars */ + _cgi_var_t *v; /* Current variable */ + + + for (v = form_vars, i = form_count; i > 0; v ++, i --) + { + _cupsStrFree(v->name); + for (j = 0; j < v->nvalues; j ++) + if (v->values[j]) + _cupsStrFree(v->values[j]); + } + + form_count = 0; + + cgi_unlink_file(); +} + + +/* * 'cgiGetArray()' - Get an element from a form array... */ @@ -154,7 +180,7 @@ cgiGetArray(const char *name, /* I - Na if (element < 0 || element >= var->nvalues) return (NULL); - return (var->values[element]); + return (_cupsStrAlloc(var->values[element])); } @@ -209,7 +235,7 @@ cgiGetVariable(const char *name) /* I - var->values[var->nvalues - 1]); #endif /* DEBUG */ - return ((var == NULL) ? NULL : var->values[var->nvalues - 1]); + return ((var == NULL) ? NULL : _cupsStrAlloc(var->values[var->nvalues - 1])); } @@ -341,9 +367,9 @@ cgiSetArray(const char *name, /* I - Na var->nvalues = element + 1; } else if (var->values[element]) - free((char *)var->values[element]); + _cupsStrFree((char *)var->values[element]); - var->values[element] = strdup(value); + var->values[element] = _cupsStrAlloc(value); } } @@ -388,7 +414,7 @@ cgiSetSize(const char *name, /* I - Nam { for (i = size; i < var->nvalues; i ++) if (var->values[i]) - free((void *)(var->values[i])); + _cupsStrFree((void *)(var->values[i])); } var->nvalues = size; @@ -421,9 +447,9 @@ cgiSetVariable(const char *name, /* I - { for (i = 0; i < var->nvalues; i ++) if (var->values[i]) - free((char *)var->values[i]); + _cupsStrFree((char *)var->values[i]); - var->values[0] = strdup(value); + var->values[0] = _cupsStrAlloc(value); var->nvalues = 1; } } @@ -470,10 +496,10 @@ cgi_add_variable(const char *name, /* I if ((var->values = calloc(element + 1, sizeof(char *))) == NULL) return; - var->name = strdup(name); + var->name = _cupsStrAlloc(name); var->nvalues = element + 1; var->avalues = element + 1; - var->values[element] = strdup(value); + var->values[element] = _cupsStrAlloc(value); form_count ++; }
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor