From: Michael R Sweet Date: Tue, 8 May 2018 20:50:09 +0000 (-0700) Subject: Validate notify-recipient-uri values. X-Git-Tag: v2.3b5~8 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=be7581b6e3a6b0b44255ddb533a30db03ad5c337;p=thirdparty%2Fcups.git Validate notify-recipient-uri values. --- diff --git a/CHANGES.md b/CHANGES.md index 6e46c56524..fa8a9eb69c 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -18,6 +18,8 @@ Changes in CUPS v2.3b5 - Documentation updates (Issue #5299, Issue #5301, Issue #5306) - Fax queues did not support pause (p) or wait-for-dialtone (w) characters (rdar://39212256) +- The scheduler did not validate notify-recipient-uri values properly + (rdar://40068936) - The IPP parser allowed invalid group tags (rdar://40442124) - Fixed a parsing bug in the new authentication code. diff --git a/scheduler/ipp.c b/scheduler/ipp.c index 917ef71d82..89058d2851 100644 --- a/scheduler/ipp.c +++ b/scheduler/ipp.c @@ -2032,7 +2032,7 @@ add_job_subscriptions( snprintf(notifier, sizeof(notifier), "%s/notifier/%s", ServerBin, scheme); - if (access(notifier, X_OK)) + if (access(notifier, X_OK) || !strcmp(scheme, ".") || !strcmp(scheme, "..")) { send_ipp_status(con, IPP_NOT_POSSIBLE, _("notify-recipient-uri URI \"%s\" uses unknown "
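Review bot: In the scheduler/ipp.c hunk, in add_job_subscriptions(), the new condition rejects only the exact names "." and "..", and it is evaluated after the path has already been built and handed to access(). Those two names matter because "%s/notifier/%s" then resolves to a directory, and a searchable directory passes access(notifier, X_OK). The visible lines do not show whether scheme can also contain a "/" character. If the URI parsing earlier in the function does not already rule that out, add a strchr(scheme, '/') test alongside the two strcmp() calls. I would also move the scheme tests ahead of the snprintf(), so the value is validated before it is used to form a path, and add a one-line comment saying why "." and ".." are refused, since the reason is not evident from the condition alone.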