CVE-2019-2228: Fix ippSetValueTag validation of default language.

[thirdparty/cups.git] / systemv / cupsctl.c
diff --git a/systemv/cupsctl.c b/systemv/cupsctl.c

index c9ab991778c9e5fa7013783d8e03534de4ec6dcf..3b5b4c58c404dd5228eb65c5333ed4da15d293c9 100644 (file)
--- a/systemv/cupsctl.c
+++ b/systemv/cupsctl.c
@@ -1,16 +1,11 @@
  /*
   * Scheduler control program for CUPS.
   *
- * Copyright 2007-2012 by Apple Inc.
- * Copyright 2006-2007 by Easy Software Products.
+ * Copyright © 2007-2019 by Apple Inc.
+ * Copyright © 2006-2007 by Easy Software Products.
   *
- * These coded instructions, statements, and computer programs are the
- * property of Apple Inc. and are protected by Federal copyright
- * law.  Distribution and use rights are outlined in the file "LICENSE.txt"
- * which should have been included with this file.  If this file is
- * missing or damaged, see the license at "http://www.cups.org/".
- *
- * This file is subject to the Apple OS-Developed Software exception.
+ * Licensed under Apache License v2.0.  See the file "LICENSE" for more
+ * information.
   */
  
  /*
@@ -25,7 +20,7 @@
   * Local functions...
   */
  
-static void    usage(const char *opt) __attribute__((noreturn));
+static void    usage(const char *opt) _CUPS_NORETURN;
  
  
  /*
@@ -36,11 +31,47 @@ int                                 /* O - Exit status */
  main(int  argc,                                /* I - Number of command-line args */
       char *argv[])                     /* I - Command-line arguments */
  {
-  int          i,                      /* Looping var */
+  int          i, j,                   /* Looping vars */
                 num_settings;           /* Number of settings */
-  cups_option_t        *settings;              /* Settings */
+  cups_option_t        *settings,              /* Settings */
+               *setting;               /* Current setting */
    const char   *opt;                   /* Current option character */
    http_t       *http;                  /* Connection to server */
+  static const char * const disallowed[] =
+  {                                    /* List of disallowed directives for cupsd.conf */
+    "AccessLog",
+    "CacheDir",
+    "ConfigFilePerm",
+    "DataDir",
+    "DocumentRoot",
+    "ErrorLog",
+    "FatalErrors",
+    "FileDevice",
+    "FontPath",
+    "Group",
+    "Listen",
+    "LogFilePerm",
+    "LPDConfigFile",
+    "PageLog",
+    "PassEnv",
+    "Port",
+    "Printcap",
+    "PrintcapFormat",
+    "RemoteRoot",
+    "RequestRoot",
+    "ServerBin",
+    "ServerCertificate",
+    "ServerKey",
+    "ServerKeychain",
+    "ServerRoot",
+    "SetEnv",
+    "SMBConfigFile",
+    "StateDir",
+    "SystemGroup",
+    "SystemGroupAuthKey",
+    "TempDir",
+    "User"
+  };
  
  
   /*
@@ -54,7 +85,9 @@ main(int  argc,                               /* I - Number of command-line args */
  
    for (i = 1; i < argc; i ++)
    {
-    if (argv[i][0] == '-')
+    if (!strcmp(argv[i], "--help"))
+      usage(NULL);
+    else if (argv[i][0] == '-')
      {
        if (argv[i][1] == '-')
        {
@@ -128,11 +161,16 @@ main(int  argc,                           /* I - Number of command-line args */
        usage(argv[i]);
    }
  
-  if (cupsGetOption("Listen", num_settings, settings) ||
-      cupsGetOption("Port", num_settings, settings))
+  for (i = num_settings, setting = settings; i > 0; i --, setting ++)
    {
-    _cupsLangPuts(stderr, _("cupsctl: Cannot set Listen or Port directly."));
-    return (1);
+    for (j = 0; j < (int)(sizeof(disallowed) / sizeof(disallowed[0])); j ++)
+    {
+      if (!_cups_strcasecmp(setting->name, disallowed[j]))
+      {
+       _cupsLangPrintf(stderr, _("cupsctl: Cannot set %s directly."), disallowed[j]);
+       return (1);
+      }
+    }
    }
  
   /*
@@ -190,26 +228,16 @@ usage(const char *opt)                    /* I - Option character/string */
        _cupsLangPrintf(stderr, _("cupsctl: Unknown option \"-%c\""), *opt);
    }
  
-  _cupsLangPuts(stdout, _("Usage: cupsctl [options] [param=value ... "
-                          "paramN=valueN]"));
-  _cupsLangPuts(stdout, "");
+  _cupsLangPuts(stdout, _("Usage: cupsctl [options] [param=value ... paramN=valueN]"));
    _cupsLangPuts(stdout, _("Options:"));
-  _cupsLangPuts(stdout, "");
-  _cupsLangPuts(stdout, _("  -E                      Encrypt the connection."));
-  _cupsLangPuts(stdout, _("  -U username             Specify username."));
-  _cupsLangPuts(stdout, _("  -h server[:port]        Specify server "
-                          "address."));
-  _cupsLangPuts(stdout, "");
-  _cupsLangPuts(stdout, _("  --[no-]debug-logging    Turn debug logging "
-                          "on/off."));
-  _cupsLangPuts(stdout, _("  --[no-]remote-admin     Turn remote "
-                          "administration on/off."));
-  _cupsLangPuts(stdout, _("  --[no-]remote-any       Allow/prevent access "
-                          "from the Internet."));
-  _cupsLangPuts(stdout, _("  --[no-]share-printers   Turn printer sharing "
-                          "on/off."));
-  _cupsLangPuts(stdout, _("  --[no-]user-cancel-any  Allow/prevent users to "
-                          "cancel any job."));
+  _cupsLangPuts(stdout, _("-E                      Encrypt the connection to the server"));
+  _cupsLangPuts(stdout, _("-h server[:port]        Connect to the named server and port"));
+  _cupsLangPuts(stdout, _("-U username             Specify username to use for authentication"));
+  _cupsLangPuts(stdout, _("--[no-]debug-logging    Turn debug logging on/off"));
+  _cupsLangPuts(stdout, _("--[no-]remote-admin     Turn remote administration on/off"));
+  _cupsLangPuts(stdout, _("--[no-]remote-any       Allow/prevent access from the Internet"));
+  _cupsLangPuts(stdout, _("--[no-]share-printers   Turn printer sharing on/off"));
+  _cupsLangPuts(stdout, _("--[no-]user-cancel-any  Allow/prevent users to cancel any job"));
  
    exit(1);
  }