packages/cups
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
cups/backport-0003-CVE-2024-47175.patch
zppzhangpan b562f05081 fix CVE-2024-47175 
(cherry picked from commit ffdfc20f12fc74a4373c3878c6d26f733c683e52)
2024-10-08 15:14:17 +08:00

115 lines
4.2 KiB
Diff
Raw Permalink Blame History

From e0630cd18f76340d302000f2bf6516e99602b844 Mon Sep 17 00:00:00 2001
From: Michael R Sweet <msweet@msweet.org>
Date: Mon, 9 Sep 2024 15:59:57 -0400
Subject: [PATCH] PPDize preset and template names.
Reference:https://github.com/OpenPrinting/cups/commit/e0630cd18f76340d302000f2bf6516e99602b844
Conflict:NA
---
cups/ppd-cache.c | 33 ++++++++++++++++++++++++---------
1 file changed, 24 insertions(+), 9 deletions(-)
--- a/cups/ppd-cache.c
+++ b/cups/ppd-cache.c
@@ -5926,12 +5926,14 @@ _ppdCreateFromIPP2(
cupsArrayAdd(templates, (void *)keyword);
+ pwg_ppdize_name(keyword, ppdname, sizeof(ppdname));
+
snprintf(msgid, sizeof(msgid), "finishing-template.%s", keyword);
if ((msgstr = _cupsLangString(lang, msgid)) == msgid || !strcmp(msgid, msgstr))
if ((msgstr = _cupsMessageLookup(strings, msgid)) == msgid)
msgstr = keyword;
- cupsFilePrintf(fp, "*cupsFinishingTemplate %s: \"\n", keyword);
+ cupsFilePrintf(fp, "*cupsFinishingTemplate %s: \"\n", ppdname);
for (finishing_attr = ippFirstAttribute(finishing_col); finishing_attr; finishing_attr = ippNextAttribute(finishing_col))
{
if (ippGetValueTag(finishing_attr) == IPP_TAG_BEGIN_COLLECTION)
@@ -5944,7 +5946,7 @@ _ppdCreateFromIPP2(
}
}
cupsFilePuts(fp, "\"\n");
- cupsFilePrintf(fp, "*%s.cupsFinishingTemplate %s/%s: \"\"\n", lang->language, keyword, msgstr);
+ cupsFilePrintf(fp, "*%s.cupsFinishingTemplate %s/%s: \"\"\n", lang->language, ppdname, msgstr);
cupsFilePuts(fp, "*End\n");
}
@@ -5990,7 +5992,8 @@ _ppdCreateFromIPP2(
if (!preset || !preset_name)
continue;
- cupsFilePrintf(fp, "*APPrinterPreset %s: \"\n", preset_name);
+ pwg_ppdize_name(preset_name, ppdname, sizeof(ppdname));
+ cupsFilePrintf(fp, "*APPrinterPreset %s: \"\n", ppdname);
for (member = ippFirstAttribute(preset); member; member = ippNextAttribute(preset))
{
member_name = ippGetName(member);
@@ -6031,7 +6034,10 @@ _ppdCreateFromIPP2(
fin_col = ippGetCollection(member, i);
if ((keyword = ippGetString(ippFindAttribute(fin_col, "finishing-template", IPP_TAG_ZERO), 0, NULL)) != NULL)
- cupsFilePrintf(fp, "*cupsFinishingTemplate %s\n", keyword);
+ {
+ pwg_ppdize_name(keyword, ppdname, sizeof(ppdname));
+ cupsFilePrintf(fp, "*cupsFinishingTemplate %s\n", ppdname);
+ }
}
}
else if (!strcmp(member_name, "media"))
@@ -6058,13 +6064,13 @@ _ppdCreateFromIPP2(
if ((keyword = ippGetString(ippFindAttribute(media_col, "media-source", IPP_TAG_ZERO), 0, NULL)) != NULL)
{
pwg_ppdize_name(keyword, ppdname, sizeof(ppdname));
- cupsFilePrintf(fp, "*InputSlot %s\n", keyword);
+ cupsFilePrintf(fp, "*InputSlot %s\n", ppdname);
}
if ((keyword = ippGetString(ippFindAttribute(media_col, "media-type", IPP_TAG_ZERO), 0, NULL)) != NULL)
{
pwg_ppdize_name(keyword, ppdname, sizeof(ppdname));
- cupsFilePrintf(fp, "*MediaType %s\n", keyword);
+ cupsFilePrintf(fp, "*MediaType %s\n", ppdname);
}
}
else if (!strcmp(member_name, "print-quality"))
@@ -6110,7 +6116,10 @@ _ppdCreateFromIPP2(
cupsFilePuts(fp, "\"\n*End\n");
if ((localized_name = _cupsMessageLookup(strings, preset_name)) != preset_name)
- cupsFilePrintf(fp, "*%s.APPrinterPreset %s/%s: \"\"\n", lang->language, preset_name, localized_name);
+ {
+ pwg_ppdize_name(preset_name, ppdname, sizeof(ppdname));
+ cupsFilePrintf(fp, "*%s.APPrinterPreset %s/%s: \"\"\n", lang->language, ppdname, localized_name);
+ }
}
}
@@ -6480,7 +6489,7 @@ pwg_ppdize_name(const char *ipp, /* I -
*end; /* End of name buffer */
- if (!ipp)
+ if (!ipp || !_cups_isalnum(*ipp))
{
*name = '\0';
return;
@@ -6495,8 +6504,14 @@ pwg_ppdize_name(const char *ipp, /* I -
ipp ++;
*ptr++ = (char)toupper(*ipp++ & 255);
}
- else
+ else if (*ipp == '_' || *ipp == '.' || *ipp == '-' || _cups_isalnum(*ipp))
+ {
*ptr++ = *ipp++;
+ }
+ else
+ {
+ ipp ++;
+ }
}
*ptr = '\0';
Reference in New Issue View Git Blame Copy Permalink