Local certificate authentication did not guard against an empty certification

file (STR #4293)

git-svn-id: svn+ssh://src.apple.com/svn/cups/cups.org/trunk@10904 7a7537e8-13f0-0310-91df-b6672ffda945

diff --git a/CHANGES-1.6.txt b/CHANGES-1.6.txt
index f9efbb2bc23bbc7727d2f1c6108c29d142fb2c73..b44b09350be9c1296a441a1bfc2069ab03ff1c07 100644 (file)
--- a/CHANGES-1.6.txt
+++ b/CHANGES-1.6.txt
@@ -12,6 +12,8 @@ CHANGES IN CUPS V1.6.2
        - Added a French localization (STR #4247)
        - Added a Russian localization (STR #4228, STR #4285)
        - Updated the Catalan localization (STR #4202)
+       - Local certificate authentication did not guard against an empty
+         certification file (STR #4293)
        - The scheduler did not reject device URIs with spaces.
        - Added USB quirk rule for Epson Stylus Photo 750 (STR #4286)
        - The IPP backend could crash if the printer disconnects early

diff --git a/cups/auth.c b/cups/auth.c
index 309b9cce114dcc62a5f01ed108b0b2364e1fcdc8..8efb34b337d4d270b731d86d2fcf1f0fc913cd51 100644 (file)
--- a/cups/auth.c
+++ b/cups/auth.c
@@ -667,8 +667,7 @@ cups_local_auth(http_t *http)               /* I - HTTP connection to server */
   int                  pid;            /* Current process ID */
   FILE                 *fp;            /* Certificate file */
   char                 trc[16],        /* Try Root Certificate parameter */
-                       filename[1024], /* Certificate filename */
-                       certificate[33];/* Certificate string */
+                       filename[1024]; /* Certificate filename */
   _cups_globals_t *cg = _cupsGlobals();        /* Global data */
 #  if defined(HAVE_AUTHORIZATION_H)
   OSStatus             status;         /* Status */
@@ -862,19 +861,25 @@ cups_local_auth(http_t *http)             /* I - HTTP connection to server */
     * Read the certificate from the file...
     */
 
-    fgets(certificate, sizeof(certificate), fp);
+    char       certificate[33],        /* Certificate string */
+               *certptr;               /* Pointer to certificate string */
+
+    certptr = fgets(certificate, sizeof(certificate), fp);
     fclose(fp);
 
-   /*
-    * Set the authorization string and return...
-    */
+    if (certptr)
+    {
+     /*
+      * Set the authorization string and return...
+      */
 
-    httpSetAuthString(http, "Local", certificate);
+      httpSetAuthString(http, "Local", certificate);
 
-    DEBUG_printf(("8cups_local_auth: Returning authstring=\"%s\"",
-                 http->authstring));
+      DEBUG_printf(("8cups_local_auth: Returning authstring=\"%s\"",
+                   http->authstring));
 
-    return (0);
+      return (0);
+    }
   }
 
   return (1);