packages/cups
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

!46 fix CVE-2020-10001

Browse Source 
From: @liuyumeng1
Reviewed-by: @small_leek
Signed-off-by: @small_leek
This commit is contained in:
openeuler-ci-bot 2021-09-24 03:49:09 +00:00 committed by Gitee
commit 1d35f46871
2 changed files with 60 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

52
backport-CVE-2020-10001.patch Normal file
View File

@ -0,0 +1,52 @@
From efbea1742bd30f842fbbfb87a473e5c84f4162f9 Mon Sep 17 00:00:00 2001
From: Michael R Sweet <msweet@msweet.org>
Date: Mon, 1 Feb 2021 15:02:32 -0500
Subject: [PATCH] Fix a buffer (read) overflow in ippReadIO (CVE-2020-10001)
---
cups/ipp.c | 8 +++++---
1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/cups/ipp.c b/cups/ipp.c
index 3d52934..84b8da6 100644
--- a/cups/ipp.c
+++ b/cups/ipp.c
@@ -2866,7 +2866,8 @@ ippReadIO(void *src, /* I - Data source */
unsigned char *buffer, /* Data buffer */
string[IPP_MAX_TEXT],
/* Small string buffer */
- *bufptr; /* Pointer into buffer */
+ *bufptr, /* Pointer into buffer */
+ *bufend; /* End of buffer */
ipp_attribute_t *attr; /* Current attribute */
ipp_tag_t tag; /* Current tag */
ipp_tag_t value_tag; /* Current value tag */
@@ -3441,6 +3442,7 @@ ippReadIO(void *src, /* I - Data source */
}
bufptr = buffer;
+ bufend = buffer + n;
/*
* text-with-language and name-with-language are composite
@@ -3454,7 +3456,7 @@ ippReadIO(void *src, /* I - Data source */
n = (bufptr[0] << 8) | bufptr[1];
- if ((bufptr + 2 + n) >= (buffer + IPP_BUF_SIZE) || n >= (int)sizeof(string))
+ if ((bufptr + 2 + n + 2) > bufend || n >= (int)sizeof(string))
{
_cupsSetError(IPP_STATUS_ERROR_INTERNAL,
_("IPP language length overflows value."), 1);
@@ -3481,7 +3483,7 @@ ippReadIO(void *src, /* I - Data source */
bufptr += 2 + n;
n = (bufptr[0] << 8) | bufptr[1];
- if ((bufptr + 2 + n) >= (buffer + IPP_BUF_SIZE))
+ if ((bufptr + 2 + n) > bufend)
{
_cupsSetError(IPP_STATUS_ERROR_INTERNAL,
_("IPP string length overflows value."), 1);
--
2.27.0

9
cups.spec
View File

@ -2,7 +2,7 @@
Name: cups Name: cups
Epoch: 1 Epoch: 1
Version: 2.3.3 Version: 2.3.3
Release: 6 Release: 7
Summary: CUPS is the standards-based, open source printing system for linux operating systems. Summary: CUPS is the standards-based, open source printing system for linux operating systems.
License: GPLv2+ and LGPLv2+ with exceptions and AML License: GPLv2+ and LGPLv2+ with exceptions and AML
Url: http://www.cups.org/ Url: http://www.cups.org/
@ -42,6 +42,7 @@ Patch27: cups-etimedout.patch
Patch28: cups-webui-uri.patch Patch28: cups-webui-uri.patch
Patch29: cups-ipptool-mdns-uri.patch Patch29: cups-ipptool-mdns-uri.patch
Patch30: cups-manual-copies.patch Patch30: cups-manual-copies.patch
Patch6000: backport-CVE-2020-10001.patch
Provides: cupsddk cupsddk-drivers cups-filesystem cups-client cups-ipptool cups-lpd Provides: cupsddk cupsddk-drivers cups-filesystem cups-client cups-ipptool cups-lpd
Provides: lpd lpr /usr/bin/lpq /usr/bin/lpr /usr/bin/lp /usr/bin/cancel /usr/bin/lprm /usr/bin/lpstat Provides: lpd lpr /usr/bin/lpq /usr/bin/lpr /usr/bin/lp /usr/bin/cancel /usr/bin/lprm /usr/bin/lpstat
@ -332,6 +333,12 @@ rm -f %{_exec_prefix}/lib/cups/backend/smb
%doc %{_datadir}/%{name}/www/apple-touch-icon.png %doc %{_datadir}/%{name}/www/apple-touch-icon.png
%changelog %changelog
* Fri Sep 24 2021 liuyumeng <liuyumeng5@huawei.com> - 2.3.3-7
- Type:CVE
- ID:CVE-2020-10001
- SUG:NA
- DESC:Fix CVE-2020-10001
* Tue Jun 08 2021 wangkerong <wangkeorng@huawei.com> - 2.3.3-6 * Tue Jun 08 2021 wangkerong <wangkeorng@huawei.com> - 2.3.3-6
- Type:CVE - Type:CVE
- ID:CVE-2021-25317 - ID:CVE-2021-25317