41 lines
1.4 KiB
Diff
41 lines
1.4 KiB
Diff
From a7f63f254bcb43f52dc45ab5d883ae6517678544 Mon Sep 17 00:00:00 2001
|
|
From: Michael R Sweet <michael.r.sweet@gmail.com>
|
|
Date: Fri, 13 Dec 2019 09:30:46 -0500
|
|
Subject: [PATCH] CVE-2019-2228: Fix ippSetValueTag validation of default
|
|
language.
|
|
|
|
---
|
|
CHANGES.md | 2 ++
|
|
cups/ipp.c | 2 +-
|
|
2 files changed, 3 insertions(+), 1 deletion(-)
|
|
|
|
diff --git a/CHANGES.md b/CHANGES.md
|
|
index 7220dc9..06f96bc 100644
|
|
--- a/CHANGES.md
|
|
+++ b/CHANGES.md
|
|
@@ -5,6 +5,8 @@ CHANGES - 2.2.8 - 2018-06-05
|
|
Changes in CUPS v2.2.8
|
|
----------------------
|
|
|
|
+- CVE-2019-2228: The `ippSetValuetag` function did not validate the default
|
|
+ language value.
|
|
- Additional changes for the scheduler to substitute default values for invalid
|
|
job attributes when running in "relaxed conformance" mode (Issue #5229)
|
|
- The `ipptool` program no longer checks for duplicate attributes when running
|
|
diff --git a/cups/ipp.c b/cups/ipp.c
|
|
index 5807de8..1143550 100644
|
|
--- a/cups/ipp.c
|
|
+++ b/cups/ipp.c
|
|
@@ -4654,7 +4654,7 @@ ippSetValueTag(
|
|
return (0);
|
|
|
|
if (ipp->attrs && ipp->attrs->next && ipp->attrs->next->name &&
|
|
- !strcmp(ipp->attrs->next->name, "attributes-natural-language"))
|
|
+ !strcmp(ipp->attrs->next->name, "attributes-natural-language") && (ipp->attrs->next->value_tag & IPP_TAG_CUPS_MASK) == IPP_TAG_LANGUAGE)
|
|
{
|
|
/*
|
|
* Use the language code from the IPP message...
|
|
--
|
|
1.8.3.1
|
|
|