From 95576ec3d20c109332d14672a807353cdc551018 Mon Sep 17 00:00:00 2001
From: Zdenek Dohnal <zdohnal@redhat.com>
Date: Thu, 26 Sep 2024 23:09:29 +0200
Subject: [PATCH] cfGetPrinterAttributes5(): Validate response attributes
before return
The destination can be corrupted or forged, so validate the response
to strengthen security measures.
Fixes CVE-2024-47076
---
cupsfilters/ipp.c | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/cupsfilters/ipp.c b/cupsfilters/ipp.c
index d703327..88f66b5 100644
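--- a/cupsfilters/ipp.c
+++ b/cupsfilters/ipp.c
@@ -402,6 +402,14 @@ get_printer_attributes5(http_t *http_printer,
 total_attrs);
 ippDelete(response);
 } else {
+
+ // Check if the response is valid
+ if (!ippValidateAttributes(response))
+ {
+ ippDelete(response);
+ response = NULL;
+ }
+
 /* Suitable response, we are done */
 if (have_http == 0) httpClose(http_printer);
 if (uri) free(uri);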
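Review bot: The new rejection branch in get_printer_attributes5() drops an invalid response without recording why, so the NULL it leaves in `response` is presumably indistinguishable to callers from any other failure, and an operator gets no trace that a destination sent malformed or forged attributes. ippValidateAttributes() leaves its reason in the CUPS error state, so the branch could report it before `ippDelete(response);`, for example by passing `cupsLastErrorString()` to whatever logging path the rest of the function uses (not visible in this hunk). The existing comment `/* Suitable response, we are done */` is now also reached after a rejection and would read better as `/* Done: response is either validated or NULL */`. The check covers attribute value syntax only, so code that later copies these values into other formats should presumably still treat them as untrusted. The function body starts and ends outside the hunk.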
--
2.43.0