Fix use-after-free in cupsdAcceptClient() (fixes CVE-2023-34241)
authorZdenek Dohnal <zdohnal@redhat.com>
Thu, 22 Jun 2023 10:11:51 +0000 (12:11 +0200)
committerZdenek Dohnal <zdohnal@redhat.com>
Thu, 22 Jun 2023 10:11:51 +0000 (12:11 +0200)
Fix use-after-free when logging warnings in case of failures
in `cupsdAcceptClient()` (fixes CVE-2023-34241)

CHANGES.md
scheduler/client.c

index 1e1b1173540b2613e992bea94f96745ea6622270..727ca9fa80a700c8b42a432da5b1df54a845560a 100644 (file)
@@ -5,6 +5,8 @@ Changes in CUPS v2.4.6 - TBA
 ----------------------------
 
 - Fix printing multiple files on specific printers (Issue #643)
+- Fix use-after-free when logging warnings in case of failures
+  in `cupsdAcceptClient()` (fixes CVE-2023-34241)
 
 
 Changes in CUPS v2.4.5 - 2023-06-13
index 91e441188c9ed5d60fa7b82e876e938468b456b9..327473a4d1726746f0f23fcf57d3fb870ff47d74 100644 (file)
@@ -193,13 +193,11 @@ cupsdAcceptClient(cupsd_listener_t *lis)/* I - Listener socket */
    /*
     * Can't have an unresolved IP address with double-lookups enabled...
     */
-
-    httpClose(con->http);
-
     cupsdLogClient(con, CUPSD_LOG_WARN,
-                    "Name lookup failed - connection from %s closed!",
+                    "Name lookup failed - closing connection from %s!",
                     httpGetHostname(con->http, NULL, 0));
 
+    httpClose(con->http);
     free(con);
     return;
   }
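Review bot: Nothing in the new code records why `httpClose(con->http)` now has to come after the `cupsdLogClient()` call, so a later tidy-up could move it back and reintroduce the use-after-free this commit fixes. The log arguments call `httpGetHostname(con->http, NULL, 0)`, which reads the connection object that `httpClose()` releases (per the commit description), and the same ordering applies in the hunks at `@@ -235` and `@@ -256`. I would add a one-line comment above each close, for example `/* Close only after logging: httpGetHostname() above still reads con->http. */`. The body of `cupsdAcceptClient()` starts and ends outside these hunks, so any other early-exit path that logs through `con->http` is not visible here and is worth checking for the same order.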
@@ -235,11 +233,11 @@ cupsdAcceptClient(cupsd_listener_t *lis)/* I - Listener socket */
       * with double-lookups enabled...
       */
 
-      httpClose(con->http);
-
       cupsdLogClient(con, CUPSD_LOG_WARN,
-                      "IP lookup failed - connection from %s closed!",
+                      "IP lookup failed - closing connection from %s!",
                       httpGetHostname(con->http, NULL, 0));
+
+      httpClose(con->http);
       free(con);
       return;
     }
@@ -256,11 +254,11 @@ cupsdAcceptClient(cupsd_listener_t *lis)/* I - Listener socket */
 
   if (!hosts_access(&wrap_req))
   {
-    httpClose(con->http);
-
     cupsdLogClient(con, CUPSD_LOG_WARN,
                     "Connection from %s refused by /etc/hosts.allow and "
                    "/etc/hosts.deny rules.", httpGetHostname(con->http, NULL, 0));
+
+    httpClose(con->http);
     free(con);
     return;
   }