From 1ddfbf34eae898af6ed2d0ea6688df91d352651c Mon Sep 17 00:00:00 2001 From: Michael R Sweet Date: Mon, 5 May 2025 18:42:18 -0400 Subject: [PATCH] Sync up with libcups code (minor changes). --- cups/jwt.c | 9 ++++++++- cups/oauth.c | 10 +++++++--- 2 files changed, 15 insertions(+), 4 deletions(-) diff --git a/cups/jwt.c b/cups/jwt.c index 4743a15f89..d097bdedab 100644 --- a/cups/jwt.c +++ b/cups/jwt.c @@ -1,7 +1,7 @@ // // JSON Web Token API implementation for CUPS. // -// Copyright © 2023-2024 by OpenPrinting. +// Copyright © 2023-2025 by OpenPrinting. // // Licensed under Apache License v2.0. See the file "LICENSE" for more // information. @@ -10,6 +10,7 @@ #include "cups-private.h" #include "jwt.h" #include "json-private.h" +#include #ifdef HAVE_OPENSSL # include # include @@ -450,6 +451,7 @@ cupsJWTHasValidSignature( #ifdef HAVE_OPENSSL hash_len = cupsHashData(cups_jwa_algorithms[jwt->sigalg], text, text_len, hash, sizeof(hash)); + assert(hash_len > 0); if ((rsa = make_rsa(jwk)) != NULL) { @@ -486,6 +488,7 @@ cupsJWTHasValidSignature( #ifdef HAVE_OPENSSL hash_len = cupsHashData(cups_jwa_algorithms[jwt->sigalg], text, text_len, hash, sizeof(hash)); + assert(hash_len > 0); if ((ec = make_ec_key(jwk, true)) != NULL) { @@ -2107,6 +2110,8 @@ make_signature(cups_jwt_t *jwt, // I - JWT if ((rsa = make_rsa(jwk)) != NULL) { hash_len = cupsHashData(cups_jwa_algorithms[alg], text, text_len, hash, sizeof(hash)); + assert(hash_len > 0); + if (RSA_sign(nids[alg - CUPS_JWA_RS256], hash, hash_len, signature, &siglen, rsa) == 1) { *sigsize = siglen; @@ -2154,6 +2159,8 @@ make_signature(cups_jwt_t *jwt, // I - JWT if ((ec = make_ec_key(jwk, false)) != NULL) { hash_len = cupsHashData(cups_jwa_algorithms[alg], text, text_len, hash, sizeof(hash)); + assert(hash_len > 0); + if ((ec_sig = ECDSA_do_sign(hash, hash_len, ec)) != NULL) { // Get the raw coordinates... diff --git a/cups/oauth.c b/cups/oauth.c index cd0c0b7447..c9f8a0ebda 100644 --- a/cups/oauth.c +++ b/cups/oauth.c @@ -1464,8 +1464,12 @@ oauth_copy_response(http_t *http) // I - HTTP connection // Allocate memory for string... initial_state = httpGetState(http); - if ((bodylen = (size_t)httpGetLength(http)) == 0 || bodylen > 65536) + if ((bytes = httpGetLength(http)) < 0) + return (NULL); + else if (bytes == 0 || bytes > 65536) bodylen = 65536; // Accept up to 64k for GETs/POSTs + else + bodylen = (size_t)bytes; if ((body = calloc(1, bodylen + 1)) != NULL) { @@ -1799,9 +1803,9 @@ oauth_make_path( // // (Has the advantage of being easily identified, too...) // -// For CUPS 3.0.x: +// For CUPS 2.5.x: // -// 43555053-0300-8010-8011-4F4175746820 +// 43555053-0205-8010-8011-4F4175746820 // static char * // O - UUID string -- 2.47.2