DBUS notifications could crash the scheduler (Issue #5143)

- scheduler/ipp.c: Make sure requesting-user-name string is valid UTF-8.

diff --git a/CHANGES.md b/CHANGES.md
index 2fdf93e3247d1cff5817ec5ca2456d896a36bcd5..86eb1dbdc0d2e73b547879d9c3bf013a2e099543 100644 (file)
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -1,12 +1,13 @@
-CHANGES - 2.2.6 - 2017-10-19
+CHANGES - 2.2.6 - 2017-10-23
 ============================
 
 
 Changes in CUPS v2.2.6
 ----------------------
 
+- DBUS notifications could crash the scheduler (Issue #5143)
 - Added USB quirks rules for Canon MP540 and Samsung ML-2160 (Issue #5148)
-- Fixed TLS cipher suite selection with GNU TLS (Issue #5145)
+- Fixed TLS cipher suite selection with GNU TLS (Issue #5145, Issue #5150)
 
 
 Changes in CUPS v2.2.5

diff --git a/scheduler/ipp.c b/scheduler/ipp.c
index e6743cdcb3e3e274a68a65fd88c21b4609c49512..5cf980ab3213b587347a488063324291f6efc4ae 100644 (file)
--- a/scheduler/ipp.c
+++ b/scheduler/ipp.c
@@ -1597,6 +1597,16 @@ add_job(cupsd_client_t  *con,            /* I - Client connection */
     return (NULL);
   }
 
+  attr = ippFindAttribute(con->request, "requesting-user-name", IPP_TAG_NAME);
+
+  if (attr && !ippValidateAttribute(attr))
+  {
+    send_ipp_status(con, IPP_ATTRIBUTES, _("Bad requesting-user-name value: %s"), cupsLastErrorString());
+    if ((attr = ippCopyAttribute(con->response, attr, 0)) != NULL)
+      attr->group_tag = IPP_TAG_UNSUPPORTED_GROUP;
+    return (NULL);
+  }
+
   if ((job = cupsdAddJob(priority, printer->name)) == NULL)
   {
     send_ipp_status(con, IPP_INTERNAL_ERROR,
@@ -1615,8 +1625,6 @@ add_job(cupsd_client_t  *con,             /* I - Client connection */
   add_job_uuid(job);
   apply_printer_defaults(printer, job);
 
-  attr = ippFindAttribute(job->attrs, "requesting-user-name", IPP_TAG_NAME);
-
   if (con->username[0])
   {
     cupsdSetString(&job->username, con->username);