CHANGES IN CUPS V2.0.3
+ - Security: Fixed CERT VU #810572 exploiting the dynamic linker (STR #4609)
- Restored missing generic printer icon file (STR #4587)
- Fixed logging of configuration errors to show up as errors (STR #4582)
- Fixed potential buffer overflows in raster code and filters
*
* CGI <-> IPP variable routines for CUPS.
*
- * Copyright 2007-2014 by Apple Inc.
+ * Copyright 2007-2015 by Apple Inc.
* Copyright 1997-2007 by Easy Software Products.
*
* These coded instructions, statements, and computer programs are the
* Rewrite URIs...
*/
- if (!strcmp(name, "member_uris"))
- {
- char url[1024]; /* URL for class member... */
-
-
- cgiRewriteURL(attr->values[i].string.text, url,
- sizeof(url), NULL);
-
- snprintf(valptr, sizeof(value) - (size_t)(valptr - value),
- "<A HREF=\"%s\">%s</A>", url,
- strrchr(attr->values[i].string.text, '/') + 1);
- }
- else
- cgiRewriteURL(attr->values[i].string.text, valptr,
- (int)(sizeof(value) - (size_t)(valptr - value)), NULL);
+ cgiRewriteURL(attr->values[i].string.text, valptr, (int)(sizeof(value) - (size_t)(valptr - value)), NULL);
break;
}
*
* CGI template function.
*
- * Copyright 2007-2014 by Apple Inc.
+ * Copyright 2007-2015 by Apple Inc.
* Copyright 1997-2006 by Easy Software Products.
*
* These coded instructions, statements, and computer programs are the
while (*s)
{
if (*s == '<')
- {
- /*
- * Pass <A HREF="url"> and </A>, otherwise quote it...
- */
-
- if (!_cups_strncasecmp(s, "<A HREF=\"", 9))
- {
- fputs("<A HREF=\"", out);
- s += 9;
-
- while (*s && *s != '\"')
- {
- if (*s == '&')
- fputs("&", out);
- else
- putc(*s, out);
-
- s ++;
- }
-
- if (*s)
- s ++;
-
- fputs("\">", out);
- }
- else if (!_cups_strncasecmp(s, "</A>", 4))
- {
- fputs("</A>", out);
- s += 3;
- }
- else
- fputs("<", out);
- }
+ fputs("<", out);
else if (*s == '>')
fputs(">", out);
else if (*s == '\"')
*
* Client routines for the CUPS scheduler.
*
- * Copyright 2007-2014 by Apple Inc.
+ * Copyright 2007-2015 by Apple Inc.
* Copyright 1997-2007 by Easy Software Products, all rights reserved.
*
* This file contains Kerberos support code, copyright 2006 by
httpClose(con->http);
- cupsdClearString(&con->filename);
+ if (con->filename)
+ {
+ unlink(con->filename);
+ cupsdClearString(&con->filename);
+ }
+
cupsdClearString(&con->command);
cupsdClearString(&con->options);
cupsdClearString(&con->query_string);
/*
* "$Id$"
*
- * Environment management routines for the CUPS scheduler.
+ * Environment management routines for the CUPS scheduler.
*
- * Copyright 2007-2011 by Apple Inc.
- * Copyright 1997-2006 by Easy Software Products, all rights reserved.
+ * Copyright 2007-2014 by Apple Inc.
+ * Copyright 1997-2006 by Easy Software Products, all rights reserved.
*
- * These coded instructions, statements, and computer programs are the
- * property of Apple Inc. and are protected by Federal copyright
- * law. Distribution and use rights are outlined in the file "LICENSE.txt"
- * which should have been included with this file. If this file is
- * file is missing or damaged, see the license at "http://www.cups.org/".
- *
- * Contents:
- *
- * cupsdInitEnv() - Initialize the current environment with standard
- * variables.
- * cupsdLoadEnv() - Copy common environment variables into an array.
- * cupsdSetEnv() - Set a common environment variable.
- * cupsdSetEnvf() - Set a formatted common environment variable.
- * cupsdUpdateEnv() - Update the environment for the configured directories.
- * clear_env() - Clear common environment variables.
- * find_env() - Find a common environment variable.
+ * These coded instructions, statements, and computer programs are the
+ * property of Apple Inc. and are protected by Federal copyright
+ * law. Distribution and use rights are outlined in the file "LICENSE.txt"
+ * which should have been included with this file. If this file is
+ * file is missing or damaged, see the license at "http://www.cups.org/".
*/
/*
if (!value)
return;
+ /*
+ * Do not allow dynamic linker variables when running as root...
+ */
+
+ if (!RunUser && (!strncmp(name, "DYLD_", 5) || !strncmp(name, "LD_", 3)))
+ return;
+
/*
* See if this variable has already been defined...
*/
*
* IPP routines for the CUPS scheduler.
*
- * Copyright 2007-2014 by Apple Inc.
+ * Copyright 2007-2015 by Apple Inc.
* Copyright 1997-2007 by Easy Software Products, all rights reserved.
*
* This file contains Kerberos support code, copyright 2006 by
* Remote unauthenticated user masquerading as local root...
*/
- _cupsStrFree(username->values[0].string.text);
- username->values[0].string.text = _cupsStrAlloc(RemoteRoot);
+ ippSetString(con->request, &username, 0, RemoteRoot);
}
}
cupsdSetString(&job->username, con->username);
if (attr)
- cupsdSetString(&attr->values[0].string.text, con->username);
+ ippSetString(job->attrs, &attr, 0, con->username);
}
else if (attr)
{
"job-originating-user-name", NULL, job->username);
else
{
- attr->group_tag = IPP_TAG_JOB;
- _cupsStrFree(attr->name);
- attr->name = _cupsStrAlloc("job-originating-user-name");
+ ippSetGroupTag(job->attrs, &attr, IPP_TAG_JOB);
+ ippSetName(job->attrs, &attr, "job-originating-user-name");
}
if (con->username[0] || auth_info)
* Also, we can only have 1 value and it must be a name value.
*/
- switch (attr->value_tag)
- {
- case IPP_TAG_STRING :
- case IPP_TAG_TEXTLANG :
- case IPP_TAG_NAMELANG :
- case IPP_TAG_TEXT :
- case IPP_TAG_NAME :
- case IPP_TAG_KEYWORD :
- case IPP_TAG_URI :
- case IPP_TAG_URISCHEME :
- case IPP_TAG_CHARSET :
- case IPP_TAG_LANGUAGE :
- case IPP_TAG_MIMETYPE :
- /*
- * Free old strings...
- */
-
- for (i = 0; i < attr->num_values; i ++)
- {
- _cupsStrFree(attr->values[i].string.text);
- attr->values[i].string.text = NULL;
- if (attr->values[i].string.language)
- {
- _cupsStrFree(attr->values[i].string.language);
- attr->values[i].string.language = NULL;
- }
- }
-
- default :
- break;
- }
-
- /*
- * Use the default connection hostname instead...
- */
-
- attr->value_tag = IPP_TAG_NAME;
- attr->num_values = 1;
- attr->values[0].string.text = _cupsStrAlloc(con->http->hostname);
+ ippDeleteAttribute(job->attrs, attr);
+ ippAddString(job->attrs, IPP_TAG_JOB, IPP_TAG_NAME, "job-originating-host-name", NULL, con->http->hostname);
}
-
- attr->group_tag = IPP_TAG_JOB;
+ else
+ ippSetGroupTag(job->attrs, &attr, IPP_TAG_JOB);
}
else
{
attr = ippAddStrings(job->attrs, IPP_TAG_JOB, IPP_TAG_NAME, "job-sheets",
2, NULL, NULL);
- attr->values[0].string.text = _cupsStrRetain(printer->job_sheets[0]);
- attr->values[1].string.text = _cupsStrRetain(printer->job_sheets[1]);
+ ippSetString(job->attrs, &attr, 0, printer->job_sheets[0]);
+ ippSetString(job->attrs, &attr, 1, printer->job_sheets[1]);
}
job->job_sheets = attr;
* Force the leading banner to have the classification on it...
*/
- cupsdSetString(&attr->values[0].string.text, Classification);
+ ippSetString(job->attrs, &attr, 0, Classification);
cupsdLogJob(job, CUPSD_LOG_NOTICE, "CLASSIFICATION FORCED "
"job-sheets=\"%s,none\", "
* Can't put two different security markings on the same document!
*/
- cupsdSetString(&attr->values[1].string.text, attr->values[0].string.text);
+ ippSetString(job->attrs, &attr, 1, attr->values[0].string.text);
cupsdLogJob(job, CUPSD_LOG_NOTICE, "CLASSIFICATION FORCED "
"job-sheets=\"%s,%s\", "
if (attr->num_values > 1 &&
!strcmp(attr->values[0].string.text, attr->values[1].string.text))
{
- cupsdSetString(&(attr->values[0].string.text), Classification);
- cupsdSetString(&(attr->values[1].string.text), Classification);
+ ippSetString(job->attrs, &attr, 0, Classification);
+ ippSetString(job->attrs, &attr, 1, Classification);
}
else
{
if (attr->num_values == 1 ||
strcmp(attr->values[0].string.text, "none"))
- cupsdSetString(&(attr->values[0].string.text), Classification);
+ ippSetString(job->attrs, &attr, 0, Classification);
if (attr->num_values > 1 &&
strcmp(attr->values[1].string.text, "none"))
- cupsdSetString(&(attr->values[1].string.text), Classification);
+ ippSetString(job->attrs, &attr, 1, Classification);
}
if (attr->num_values > 1)
if (attr)
{
- attr->value_tag = IPP_TAG_KEYWORD;
- cupsdSetString(&(attr->values[0].string.text), "no-hold");
+ ippSetValueTag(job->attrs, &attr, IPP_TAG_KEYWORD);
+ ippSetString(job->attrs, &attr, 0, "no-hold");
}
/*
filetype->type);
if (format)
- {
- _cupsStrFree(format->values[0].string.text);
-
- format->values[0].string.text = _cupsStrAlloc(mimetype);
- }
+ ippSetString(con->request, &format, 0, mimetype);
else
ippAddString(con->request, IPP_TAG_JOB, IPP_TAG_MIMETYPE,
"document-format", NULL, mimetype);
if (attr)
{
- _cupsStrFree(attr->values[0].string.text);
-
- attr->value_tag = IPP_TAG_KEYWORD;
- attr->values[0].string.text = _cupsStrAlloc("no-hold");
+ ippSetValueTag(job->attrs, &attr, IPP_TAG_KEYWORD);
+ ippSetString(job->attrs, &attr, 0, "no-hold");
cupsdAddEvent(CUPSD_EVENT_JOB_CONFIG_CHANGED, cupsdFindDest(job->dest), job,
"Job job-hold-until value changed by user.");
if ((jformat = ippFindAttribute(job->attrs, "document-format",
IPP_TAG_MIMETYPE)) != NULL)
- {
- _cupsStrFree(jformat->values[0].string.text);
-
- jformat->values[0].string.text = _cupsStrAlloc(mimetype);
- }
+ ippSetString(job->attrs, &jformat, 0, mimetype);
else
ippAddString(job->attrs, IPP_TAG_JOB, IPP_TAG_MIMETYPE,
"document-format", NULL, mimetype);
if ((attr = ippFindAttribute(job->attrs, "job-actual-printer-uri",
IPP_TAG_URI)) != NULL)
- cupsdSetString(&attr->values[0].string.text, printer->uri);
+ ippSetString(job->attrs, &attr, 0, printer->uri);
else
ippAddString(job->attrs, IPP_TAG_JOB, IPP_TAG_URI,
"job-actual-printer-uri", NULL, printer->uri);
if ((attr = ippFindAttribute(job->attrs, "job-printer-uri",
IPP_TAG_URI)) != NULL)
- cupsdSetString(&(attr->values[0].string.text), p->uri);
+ ippSetString(job->attrs, &attr, 0, p->uri);
cupsdAddEvent(CUPSD_EVENT_JOB_STOPPED, p, job,
"Job #%d moved from %s to %s.", job->id, olddest,
attr = ippFindAttribute(job->attrs, "job-hold-until", IPP_TAG_NAME);
if (attr)
- cupsdSetString(&(attr->values[0].string.text), when);
+ ippSetString(job->attrs, &attr, 0, when);
else
attr = ippAddString(job->attrs, IPP_TAG_JOB, IPP_TAG_KEYWORD,
"job-hold-until", NULL, when);
if (attr)
{
- attr->value_tag = IPP_TAG_KEYWORD;
- cupsdSetString(&(attr->values[0].string.text), "no-hold");
+ ippSetValueTag(job->attrs, &attr, IPP_TAG_KEYWORD);
+ ippSetString(job->attrs, &attr, 0, "no-hold");
}
default :
"job-printer-state-message",
IPP_TAG_TEXT);
if (job->printer_message)
- cupsdSetString(&(job->printer_message->values[0].string.text), "");
+ ippSetString(job->attrs, &job->printer_message, 0, "");
ippSetString(job->attrs, &job->reasons, 0, "job-printing");
cupsdSetJobState(job, IPP_JOB_PROCESSING, CUPSD_JOB_DEFAULT, NULL);
if (job->state_value != IPP_JOB_PROCESSING &&
job->status_level == CUPSD_LOG_INFO)
{
- cupsdSetString(&(job->printer_message->values[0].string.text), "");
+ ippSetString(job->attrs, &job->printer_message, 0, "");
job->dirty = 1;
cupsdMarkDirty(CUPSD_DIRTY_JOBS);
}
else if (job->printer->state_message[0] && do_message)
{
- cupsdSetString(&(job->printer_message->values[0].string.text),
- job->printer->state_message);
+ ippSetString(job->attrs, &job->printer_message, 0, job->printer->state_message);
job->dirty = 1;
cupsdMarkDirty(CUPSD_DIRTY_JOBS);
if (!*a)
*a = cupsArrayNew3((cups_array_func_t)strcmp, NULL,
(cups_ahash_func_t)NULL, 0,
- (cups_acopy_func_t)_cupsStrAlloc,
- (cups_afree_func_t)_cupsStrFree);
+ (cups_acopy_func_t)strdup,
+ (cups_afree_func_t)free);
return (cupsArrayAdd(*a, (char *)s));
}
{
if (s && *s)
{
- _cupsStrFree(*s);
+ free(*s);
*s = NULL;
}
}
return;
if (*s)
- _cupsStrFree(*s);
+ free(*s);
if (v)
- *s = _cupsStrAlloc(v);
+ *s = strdup(v);
else
*s = NULL;
}
vsnprintf(v, sizeof(v), f, ap);
va_end(ap);
- *s = _cupsStrAlloc(v);
+ *s = strdup(v);
}
else
*s = NULL;
if (olds)
- _cupsStrFree(olds);
+ free(olds);
}
}
if (job->printer_message)
- cupsdSetString(&(job->printer_message->values[0].string.text),
- message);
+ ippSetString(job->attrs, &job->printer_message, 0, message);
}
}
projects / thirdparty / cups.git / commitdiff
