File cups-filters-1.20.3-0002-beh-backend-Extra-checks-against-odd-forged-input-CVE-2023-24805.patch of Package cups-filters.29065
--- backend/beh.c.patched-0001-beh-backend-Use-execv-instead-of-system-CVE-2023-24805 2023-05-16 10:14:25.596390823 +0200 +++ backend/beh.c 2023-05-16 10:24:59.289837221 +0200 @@ -222,14 +222,30 @@ call_backend(char *uri, wait_pid, wait_status, retval = 0; + int bytes; /* * Build the backend command line... */ + scheme[0] = '\0'; strncpy(scheme, uri, sizeof(scheme)); + if (strlen(uri) > sizeof(scheme) - 1) + scheme[sizeof(scheme) - 1] = '\0'; if ((ptr = strchr(scheme, ':')) != NULL) *ptr = '\0'; + else + { + fprintf(stderr, + "ERROR: beh: Invalid URI, no colon (':') to mark end of scheme part.\n"); + exit (CUPS_BACKEND_FAILED); + } + if (strchr(scheme, '/')) + { + fprintf(stderr, + "ERROR: beh: Invalid URI, scheme contains a slash ('/').\n"); + exit (CUPS_BACKEND_FAILED); + } if ((cups_serverbin = getenv("CUPS_SERVERBIN")) == NULL) cups_serverbin = CUPS_SERVERBIN; @@ -249,8 +265,15 @@ call_backend(char *uri, backend_argv[6] = filename; backend_argv[7] = NULL; - snprintf(backend_path, sizeof(backend_path), - "%s/backend/%s", cups_serverbin, scheme); + bytes = snprintf(backend_path, sizeof(backend_path), + "%s/backend/%s", cups_serverbin, scheme); + if (bytes < 0 || bytes >= sizeof(backend_path)) + { + fprintf(stderr, + "ERROR: beh: Invalid scheme (\"%s\"), could not determing backend path.\n", + scheme); + exit (CUPS_BACKEND_FAILED); + } /* * Overwrite the device URI and run the actual backend...
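Review bot: In the first hunk (@@ -222,14 +222,30 @@), an empty scheme passes both new checks. For a URI whose first character is ':', strchr(scheme, ':') succeeds and leaves scheme as "", and the slash test finds nothing, so the later snprintf() builds "%s/backend/" with no backend name. Consider rejecting scheme[0] == '\0' next to the slash test, using the same fprintf/exit (CUPS_BACKEND_FAILED) pattern. Separately, scheme[0] = '\0' before strncpy() has no effect because strncpy() overwrites it, and the termination can be written unconditionally as scheme[sizeof(scheme) - 1] = '\0'; without the strlen(uri) comparison.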
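Review bot: In the second hunk (@@ -249,8 +265,15 @@), the truncation test bytes >= sizeof(backend_path) compares an int with a size_t and is only correct because bytes < 0 is tested first and short-circuits. An explicit cast, (size_t)bytes >= sizeof(backend_path), makes that dependency visible and avoids a sign-compare warning. The error string in the same block has a typo: "could not determing backend path" should read "could not determine backend path".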