From 38257f25bd8494ff2a7421017d02df38fb87de50 Mon Sep 17 00:00:00 2001
From: Tim Waugh
Date: Jan 17 2012 12:47:36 +0000
Subject: Don't accept Device URIs of '\0' from SNMP devices (bug #770646, STR #4004).
---
diff --git a/cups-str4004.patch b/cups-str4004.patch
new file mode 100644
index 0000000..f507042
--- /dev/null
+++ b/cups-str4004.patch
@@ -0,0 +1,13 @@
+diff -up cups-1.5.0/backend/snmp.c.snmp-bad-uri cups-1.5.0/backend/snmp.c
+--- cups-1.5.0/backend/snmp.c.snmp-bad-uri 2012-01-17 11:51:00.786457690 +0000
++++ cups-1.5.0/backend/snmp.c 2012-01-17 11:51:57.123384361 +0000
+@@ -1120,7 +1120,8 @@ read_snmp_response(int fd) /* I - SNMP
+
+ case DEVICE_URI :
+ if (device && packet.object_type == CUPS_ASN1_OCTET_STRING &&
+- !device->uri && packet.object_value.string.num_bytes > 0)
++ !device->uri && packet.object_value.string.num_bytes > 3 &&
++ strlen ((char *)packet.object_value.string.bytes) > 3)
+ {
+ /*
+ * Update an existing cache entry...
diff --git a/cups.spec b/cups.spec
index e28dd5c..d8f4809 100644
--- a/cups.spec
+++ b/cups.spec
@@ -13,7 +13,7 @@ Summary: Common Unix Printing System
 Name: cups
 Version: 1.4.8
-Release: 7%{?dist}
+Release: 8%{?dist}
 License: GPLv2
 Group: System Environment/Daemons
 Source: http://ftp.easysw.com/pub/cups/%{version}/cups-%{version}-source.tar.bz2
@@ -74,6 +74,7 @@ Patch34: cups-str3535.patch
 Patch35: cups-polld-busy-loop.patch
 Patch36: cups-CVE-2011-2896.patch
 Patch37: cups-str3947.patch
+Patch38: cups-str4004.patch
 Patch40: cups-avahi-1-config.patch
 Patch41: cups-avahi-2-backend.patch
@@ -297,6 +298,9 @@ module.
 %patch36 -p1 -b .CVE-2011-2896
 # Fixed string manipulation in the dbus notifier (STR #3947, bug #741833).
 %patch37 -p1 -b .str3947
+# Don't accept Device URIs of '\0' from SNMP devices
+# (bug #770646, STR #4004).
+%patch38 -p1 -b .str4004
 # Avahi support:
 # - discovery in the dnssd backend
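Review bot: In the new cups-str4004.patch, the added test `strlen ((char *)packet.object_value.string.bytes) > 3` scans a device-supplied octet string until the first NUL, so it is only safe if the SNMP decoder always NUL-terminates `bytes`, which nothing in this hunk shows. Bounding the scan by the decoded length removes that dependency where `strnlen` is available: `strnlen((char *)packet.object_value.string.bytes, packet.object_value.string.num_bytes) > 3`. With that form the separate `num_bytes > 3` comparison becomes redundant. The threshold 3 is also unexplained, and a one-line comment such as `/* reject empty or too-short URIs from the device */` would record the intent. The `case DEVICE_URI` body continues outside the hunk, so how the accepted string is copied afterwards could not be checked here.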
@@ -639,6 +643,10 @@ rm -rf $RPM_BUILD_ROOT
 %{php_extdir}/phpcups.so
 %changelog
+* Tue Jan 17 2012 Tim Waugh 1:1.4.8-8
+- Don't accept Device URIs of '\0' from SNMP devices
+ (bug #770646, STR #4004).
+
 * Wed Dec 21 2011 Tim Waugh 1:1.4.8-7
 - Fixed textonly filter to work with single copies (bug #738412).