From: msweet <msweet@a1ca3aef-8c08-0410-bb20-df032aa958be>
Date: Tue, 22 Jul 2014 14:02:56 +0000 (+0000)
Subject: Also add the world-readable check.
X-Git-Tag: v2.2b1~547
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=2e667a52c67d0202a244eb77ed11703446f9de55;p=thirdparty%2Fcups.git

Also add the world-readable check.


git-svn-id: svn+ssh://src.apple.com/svn/cups/cups.org/trunk@12056 a1ca3aef-8c08-0410-bb20-df032aa958be
---

diff --git a/scheduler/client.c b/scheduler/client.c
index f252eb26fb..d00d9fb70e 100644
--- a/scheduler/client.c
+++ b/scheduler/client.c
@@ -3109,6 +3109,17 @@ get_file(cupsd_client_t *con,		/* I  - Client connection */
       cupsdLogClient(con, CUPSD_LOG_INFO, "Symlinks such as \"%s\" are not allowed.", filename);
       return (NULL);
     }
+
+   /*
+    * Similarly, if the file/directory does not have world read permissions, do
+    * not allow access...
+    */
+
+    if (!status && !(filestats->st_mode & S_IROTH))
+    {
+      cupsdLogClient(con, CUPSD_LOG_INFO, "Files/directories such as \"%s\" must be world-readable.", filename);
+      return (NULL);
+    }
   }
 
   cupsdLogClient(con, CUPSD_LOG_DEBUG2, "get_file filestats=%p, filename=%p, len=" CUPS_LLFMT ", returning \"%s\".", filestats, filename, CUPS_LLCAST len, status ? "(null)" : filename);