Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
openSUSE:Factory:Staging:G
cups
cups-2.4.8-CVE-2024-35235.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File cups-2.4.8-CVE-2024-35235.patch of Package cups
--- cups/http-addr.c.orig 2024-04-26 13:38:21.000000000 +0200 +++ cups/http-addr.c 2024-06-11 10:20:21.866920900 +0200 @@ -202,31 +202,30 @@ httpAddrListen(http_addr_t *addr, /* I - { mode_t mask; /* Umask setting */ - /* - * Remove any existing domain socket file... - */ - - unlink(addr->un.sun_path); - - /* - * Save the current umask and set it to 0 so that all users can access - * the domain socket... - */ - - mask = umask(0); - - /* - * Bind the domain socket... - */ - - status = bind(fd, (struct sockaddr *)addr, (socklen_t)httpAddrLength(addr)); - - /* - * Restore the umask and fix permissions... - */ - - umask(mask); - chmod(addr->un.sun_path, 0140777); + // Remove any existing domain socket file... + if ((status = unlink(addr->un.sun_path)) < 0) + { + DEBUG_printf(("1httpAddrListen: Unable to unlink \"%s\": %s", addr->un.sun_path, strerror(errno))); + + if (errno == ENOENT) + status = 0; + } + + if (!status) + { + // Save the current umask and set it to 0 so that all users can access + // the domain socket... + mask = umask(0); + + // Bind the domain socket... + if ((status = bind(fd, (struct sockaddr *)addr, (socklen_t)httpAddrLength(addr))) < 0) + { + DEBUG_printf(("1httpAddrListen: Unable to bind domain socket \"%s\": %s", addr->un.sun_path, strerror(errno))); + } + + // Restore the umask... + umask(mask); + } } else #endif /* AF_LOCAL */ --- scheduler/conf.c.orig 2024-04-26 13:38:21.000000000 +0200 +++ scheduler/conf.c 2024-06-11 10:14:06.091882607 +0200 @@ -3084,6 +3084,26 @@ read_cupsd_conf(cups_file_t *fp) /* I - /* + * If we are launched on-demand, do not use domain sockets from the config + * file. Also check that the domain socket path is not too long... + */ + +#ifdef HAVE_ONDEMAND + if (*value == '/' && OnDemand) + { + if (strcmp(value, CUPS_DEFAULT_DOMAINSOCKET)) + cupsdLogMessage(CUPSD_LOG_INFO, "Ignoring %s address %s at line %d - only using domain socket from launchd/systemd.", line, value, linenum); + continue; + } +#endif // HAVE_ONDEMAND + + if (*value == '/' && strlen(value) > (sizeof(addr->addr.un.sun_path) - 1)) + { + cupsdLogMessage(CUPSD_LOG_INFO, "Ignoring %s address %s at line %d - too long.", line, value, linenum); + continue; + } + + /* * Get the address list... */
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor