From: Michael Sweet
Date: Mon, 23 Oct 2017 20:23:43 +0000 (-0400)
Subject: DBUS notifications could crash the scheduler (Issue #5143)
X-Git-Tag: v2.2.6~10
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=49fa4983f25b64ec29d548ffa3b9782426007df3;p=thirdparty%2Fcups.git
DBUS notifications could crash the scheduler (Issue #5143)
- scheduler/ipp.c: Make sure requesting-user-name string is valid UTF-8.
---
diff --git a/CHANGES.md b/CHANGES.md
index 2fdf93e324..86eb1dbdc0 100644
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -1,12 +1,13 @@
-CHANGES - 2.2.6 - 2017-10-19
+CHANGES - 2.2.6 - 2017-10-23
 ============================
 Changes in CUPS v2.2.6
 ----------------------
+- DBUS notifications could crash the scheduler (Issue #5143)
 - Added USB quirks rules for Canon MP540 and Samsung ML-2160 (Issue #5148)
-- Fixed TLS cipher suite selection with GNU TLS (Issue #5145)
+- Fixed TLS cipher suite selection with GNU TLS (Issue #5145, Issue #5150)
 Changes in CUPS v2.2.5
diff --git a/scheduler/ipp.c b/scheduler/ipp.c
index e6743cdcb3..5cf980ab32 100644
--- a/scheduler/ipp.c
+++ b/scheduler/ipp.c
@@ -1597,6 +1597,16 @@ add_job(cupsd_client_t *con, /* I - Client connection */
 return (NULL);
 }
+ attr = ippFindAttribute(con->request, "requesting-user-name", IPP_TAG_NAME);
+
+ if (attr && !ippValidateAttribute(attr))
+ {
+ send_ipp_status(con, IPP_ATTRIBUTES, _("Bad requesting-user-name value: %s"), cupsLastErrorString());
+ if ((attr = ippCopyAttribute(con->response, attr, 0)) != NULL)
+ attr->group_tag = IPP_TAG_UNSUPPORTED_GROUP;
+ return (NULL);
+ }
+
 if ((job = cupsdAddJob(priority, printer->name)) == NULL)
 {
 send_ipp_status(con, IPP_INTERNAL_ERROR,
@@ -1615,8 +1625,6 @@ add_job(cupsd_client_t *con, /* I - Client connection */
 add_job_uuid(job);
 apply_printer_defaults(printer, job);
- attr = ippFindAttribute(job->attrs, "requesting-user-name", IPP_TAG_NAME);
-
 if (con->username[0])
 {
 cupsdSetString(&job->username, con->username);
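Review bot: The new check in the first scheduler/ipp.c hunk validates only the requesting-user-name attribute, while the context lines of the second hunk show `con->username` being copied into `job->username` with no equivalent check, so the same job field can still be filled from a second source. Whether `con->username` is already guaranteed to be valid UTF-8 is not visible here; if it is not, the crash named in the commit title may remain reachable through that path, and validating the string where it is handed to the DBUS notifier would cover every source at once. The second hunk also removes the later `ippFindAttribute(job->attrs, ...)` lookup, so whatever follows now depends on `attr` being left untouched across the lines between the two hunks. A comment on the new block such as `/* Validated here; attr is reused further down in add_job(), do not reassign it in between */` would make that dependency explicit. add_job() begins and ends outside both hunks.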