Diffstat (limited to 'meta/recipes-extended/cups/cups/CVE-2023-34241.patch')
-rw-r--r-- | meta/recipes-extended/cups/cups/CVE-2023-34241.patch | 65 |
1 files changed, 65 insertions, 0 deletions
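--- /dev/null
+++ b/meta/recipes-extended/cups/cups/CVE-2023-34241.patch
@@ -0,0 +1,65 @@
+From ffd290b4ab247f82722927ba9b21358daa16dbf1 Mon Sep 17 00:00:00 2001
+From: Rose <83477269+AtariDreams@users.noreply.github.com>
+Date: Thu, 1 Jun 2023 11:33:39 -0400
+Subject: [PATCH] Log result of httpGetHostname BEFORE closing the connection
+
+httpClose frees the memory of con->http. This is problematic because httpGetHostname then tries to access the memory it points to.
+
+We have to log the hostname first.
+
+Upstream-Status: Backport [https://github.com/OpenPrinting/cups/commit/9809947a959e18409dcf562a3466ef246cb90cb2]
+CVE: CVE-2023-34241
+Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
+---
+scheduler/client.c | 16 +++++++---------
+1 file changed, 7 insertions(+), 9 deletions(-)
+
+diff --git a/scheduler/client.c b/scheduler/client.c
+index 91e441188c..327473a4d1 100644
+--- a/scheduler/client.c
++++ b/scheduler/client.c
+@@ -193,13 +193,11 @@ cupsdAcceptClient(cupsd_listener_t *lis)/* I - Listener socket */
+/*
+* Can't have an unresolved IP address with double-lookups enabled...
+*/
+-
+- httpClose(con->http);
+-
+cupsdLogClient(con, CUPSD_LOG_WARN,
+- "Name lookup failed - connection from %s closed!",
++ "Name lookup failed - closing connection from %s!",
+httpGetHostname(con->http, NULL, 0));
+
++ httpClose(con->http);
+free(con);
+return;
+}
+@@ -235,11 +233,11 @@ cupsdAcceptClient(cupsd_listener_t *lis)/* I - Listener socket */
+* with double-lookups enabled...
+*/
+
+- httpClose(con->http);
+-
+cupsdLogClient(con, CUPSD_LOG_WARN,
+- "IP lookup failed - connection from %s closed!",
++ "IP lookup failed - closing connection from %s!",
+httpGetHostname(con->http, NULL, 0));
++
++ httpClose(con->http);
+free(con);
+return;
+}
+@@ -256,11 +254,11 @@ cupsdAcceptClient(cupsd_listener_t *lis)/* I - Listener socket */
+
+if (!hosts_access(&wrap_req))
+{
+- httpClose(con->http);
+-
+cupsdLogClient(con, CUPSD_LOG_WARN,
+"Connection from %s refused by /etc/hosts.allow and "
+"/etc/hosts.deny rules.", httpGetHostname(con->http, NULL, 0));
++
++ httpClose(con->http);
+free(con);
+return;
+}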
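Review bot: Nothing on this page shows the patch being wired into the build: the diffstat is limited to the patch file, so confirm the same commit adds `file://CVE-2023-34241.patch` to the cups recipe's SRC_URI, otherwise the read of freed `con->http` memory stays in the shipped binary. Inside the patch, all three hunks now evaluate `httpGetHostname(con->http, NULL, 0)` before `httpClose(con->http)`, which matches the stated intent. `cupsdAcceptClient` starts and ends outside the hunks, so any other early-return path there that closes the connection before logging is not visible here and is worth checking in the patched tree. The `From` hash (ffd290b4…) differs from the commit in the Upstream-Status URL (9809947a…); presumably a pull-request commit versus the merged one, but it is worth confirming the backport matches the merged upstream change.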