From 1216300668307015a88efc6267a521eeab51e8e8 Mon Sep 17 00:00:00 2001
From: msweet
Date: Wed, 19 Feb 2014 19:56:56 +0000
Subject: [PATCH] Protect against HTML in the URL (STR #4356)

git-svn-id: svn+ssh://src.apple.com/svn/cups/cups.org/trunk@11620 a1ca3aef-8c08-0410-bb20-df032aa958be
---
 CHANGES-1.7.txt | 2 ++
 scheduler/client.c | 8 ++++++++
 2 files changed, 10 insertions(+)

diff --git a/CHANGES-1.7.txt b/CHANGES-1.7.txt
index 580b60c5f..6a456f08c 100644
--- a/CHANGES-1.7.txt
+++ b/CHANGES-1.7.txt
@@ -3,6 +3,8 @@ CHANGES-1.7.txt
 
 CHANGES IN CUPS V1.7.2
 
+ - Security: The scheduler now blocks URLs containing embedded HTML
+ (STR #4356)
 - The scheduler did not always update the MakeModel value in
 printers.conf after updating the driver (STR #4264)
 - The LPD mini daemon did not support print jobs larger than 2GB
diff --git a/scheduler/client.c b/scheduler/client.c
index 23fb71305..9bb230546 100644
--- a/scheduler/client.c
+++ b/scheduler/client.c
@@ -3315,6 +3315,14 @@ is_path_absolute(const char *path) /* I - Input path */
 if (path[0] != '/')
 return (0);
 
+ /*
+ * Check for "<" or quotes in the path and reject since this is probably
+ * someone trying to inject HTML...
+ */
+
+ if (strchr(path, '<') != NULL || strchr(path, '\"') != NULL || strchr(path, '\'') != NULL)
+ return (0);
+
 /*
 * Check for "/.." in the path...
 */
-- 
2.39.2
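Review bot: The added test in is_path_absolute() matches only the literal bytes `<`, `"` and `'`, so it is a denylist on the request path rather than escaping at the point where the path is written into a response. Percent-encoded forms are not matched by `strchr`, and whether the path is decoded before or after this check is not visible in the hunk, so the code that echoes the URL into HTML should still escape it on output. The three scans can be a single call that also covers `>`: `if (strpbrk(path, "<>\"'") != NULL) return (0);`. The function's header comment lies outside this hunk and should be updated to say that it now rejects these characters as well as non-absolute paths, because callers receive the same 0 for both cases.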