1 files changed, 65 insertions, 0 deletions
diff --git a/meta/recipes-extended/cups/cups/CVE-2023-34241.patch b/meta/recipes-extended/cups/cups/CVE-2023-34241.patch
new file mode 100644
index 0000000000..816efc2946
--- /dev/null
+++ b/meta/recipes-extended/cups/cups/CVE-2023-34241.patch
@@ -0,0 +1,65 @@
+From ffd290b4ab247f82722927ba9b21358daa16dbf1 Mon Sep 17 00:00:00 2001
+From: Rose <83477269+AtariDreams@users.noreply.github.com>
+Date: Thu, 1 Jun 2023 11:33:39 -0400
+Subject: [PATCH] Log result of httpGetHostname BEFORE closing the connection
+httpClose frees the memory of con->http. This is problematic because httpGetHostname then tries to access the memory it points to.
+We have to log the hostname first.
+Upstream-Status: Backport [https://github.com/OpenPrinting/cups/commit/9809947a959e18409dcf562a3466ef246cb90cb2]
+CVE: CVE-2023-34241
+Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
+---
+ scheduler/client.c | 16 +++++++---------
+ 1 file changed, 7 insertions(+), 9 deletions(-)
+diff --git a/scheduler/client.c b/scheduler/client.c
+index 91e441188c..327473a4d1 100644
+--- a/scheduler/client.c
+++ b/scheduler/client.c
+@@ -193,13 +193,11 @@ cupsdAcceptClient(cupsd_listener_t *lis)/* I - Listener socket */
+    /*
+     * Can't have an unresolved IP address with double-lookups enabled...
+     */
+-
+-    httpClose(con->http);
+-
+     cupsdLogClient(con, CUPSD_LOG_WARN,
+-                    "Name lookup failed - connection from %s closed!",
+                    "Name lookup failed - closing connection from %s!",
+                     httpGetHostname(con->http, NULL, 0));
+ 
+    httpClose(con->http);
+     free(con);
+     return;
+   }
+@@ -235,11 +233,11 @@ cupsdAcceptClient(cupsd_listener_t *lis)/* I - Listener socket */
+       * with double-lookups enabled...
+       */
+ 
+-      httpClose(con->http);
+-
+       cupsdLogClient(con, CUPSD_LOG_WARN,
+-                      "IP lookup failed - connection from %s closed!",
+                      "IP lookup failed - closing connection from %s!",
+                       httpGetHostname(con->http, NULL, 0));
+
+      httpClose(con->http);
+       free(con);
+       return;
+     }
+@@ -256,11 +254,11 @@ cupsdAcceptClient(cupsd_listener_t *lis)/* I - Listener socket */
+ 
+   if (!hosts_access(&wrap_req))
+   {
+-    httpClose(con->http);
+-
+     cupsdLogClient(con, CUPSD_LOG_WARN,
+                     "Connection from %s refused by /etc/hosts.allow and "
+                    "/etc/hosts.deny rules.", httpGetHostname(con->http, NULL, 0));
+
+    httpClose(con->http);
+     free(con);
+     return;
+   }

diff --git a/meta/recipes-extended/cups/cups/CVE-2023-34241.patch b/meta/recipes-extended/cups/cups/CVE-2023-34241.patch new file mode 100644 index 0000000000..816efc2946 --- /dev/null +++ b/meta/recipes-extended/cups/cups/CVE-2023-34241.patch
@@ -0,0 +1,65 @@
	1	From ffd290b4ab247f82722927ba9b21358daa16dbf1 Mon Sep 17 00:00:00 2001
	2	From: Rose <83477269+AtariDreams@users.noreply.github.com>
	3	Date: Thu, 1 Jun 2023 11:33:39 -0400
	4	Subject: [PATCH] Log result of httpGetHostname BEFORE closing the connection
	5
	6	httpClose frees the memory of con->http. This is problematic because httpGetHostname then tries to access the memory it points to.
	7
	8	We have to log the hostname first.
	9
	10	Upstream-Status: Backport [https://github.com/OpenPrinting/cups/commit/9809947a959e18409dcf562a3466ef246cb90cb2]
	11	CVE: CVE-2023-34241
	12	Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
	13	---
	14	scheduler/client.c \| 16 +++++++---------
	15	1 file changed, 7 insertions(+), 9 deletions(-)
	16
	17	diff --git a/scheduler/client.c b/scheduler/client.c
	18	index 91e441188c..327473a4d1 100644
	19	--- a/scheduler/client.c
	20	+++ b/scheduler/client.c
	21	@@ -193,13 +193,11 @@ cupsdAcceptClient(cupsd_listener_t lis)/ I - Listener socket */
	22	/*
	23	* Can't have an unresolved IP address with double-lookups enabled...
	24	*/
	25	-
	26	- httpClose(con->http);
	27	-
	28	cupsdLogClient(con, CUPSD_LOG_WARN,
	29	- "Name lookup failed - connection from %s closed!",
	30	+ "Name lookup failed - closing connection from %s!",
	31	httpGetHostname(con->http, NULL, 0));
	32
	33	+ httpClose(con->http);
	34	free(con);
	35	return;
	36	}
	37	@@ -235,11 +233,11 @@ cupsdAcceptClient(cupsd_listener_t lis)/ I - Listener socket */
	38	* with double-lookups enabled...
	39	*/
	40
	41	- httpClose(con->http);
	42	-
	43	cupsdLogClient(con, CUPSD_LOG_WARN,
	44	- "IP lookup failed - connection from %s closed!",
	45	+ "IP lookup failed - closing connection from %s!",
	46	httpGetHostname(con->http, NULL, 0));
	47	+
	48	+ httpClose(con->http);
	49	free(con);
	50	return;
	51	}
	52	@@ -256,11 +254,11 @@ cupsdAcceptClient(cupsd_listener_t lis)/ I - Listener socket */
	53
	54	if (!hosts_access(&wrap_req))
	55	{
	56	- httpClose(con->http);
	57	-
	58	cupsdLogClient(con, CUPSD_LOG_WARN,
	59	"Connection from %s refused by /etc/hosts.allow and "
	60	"/etc/hosts.deny rules.", httpGetHostname(con->http, NULL, 0));
	61	+
	62	+ httpClose(con->http);
	63	free(con);
	64	return;
	65	}