| -rw-r--r-- | meta/recipes-extended/cups/cups.inc | 1 | ||||
| -rw-r--r-- | meta/recipes-extended/cups/cups/CVE-2023-34241.patch | 70 |
2 files changed, 71 insertions, 0 deletions
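--- a/meta/recipes-extended/cups/cups.inc
+++ b/meta/recipes-extended/cups/cups.inc
@@ -16,6 +16,7 @@ SRC_URI = "${GITHUB_BASE_URI}/download/v${PV}/cups-${PV}-source.tar.gz \
 file://volatiles.99_cups \
 file://cups-volatiles.conf \
 file://CVE-2023-32324.patch \
+file://CVE-2023-34241.patch \
 "
 
 GITHUB_BASE_URI = "https://github.com/OpenPrinting/cups/releases"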
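--- /dev/null
+++ b/meta/recipes-extended/cups/cups/CVE-2023-34241.patch
@@ -0,0 +1,70 @@
+From ffd290b4ab247f82722927ba9b21358daa16dbf1 Mon Sep 17 00:00:00 2001
+From: Rose <83477269+AtariDreams@users.noreply.github.com>
+Date: Thu, 1 Jun 2023 11:33:39 -0400
+Subject: [PATCH] Log result of httpGetHostname BEFORE closing the connection
+
+httpClose frees the memory of con->http. This is problematic because httpGetHostname then tries to access the memory it points to.
+
+We have to log the hostname first.
+
+CVE: CVE-2023-34241
+
+Upstream-Status: Backport [https://github.com/OpenPrinting/cups/commit/9809947a959e18409dcf562a3466ef246cb90cb2]
+
+Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
+---
+scheduler/client.c | 16 +++++++---------
+1 file changed, 7 insertions(+), 9 deletions(-)
+
+diff --git a/scheduler/client.c b/scheduler/client.c
+index 91e441188..327473a4d 100644
+--- a/scheduler/client.c
++++ b/scheduler/client.c
+@@ -193,13 +193,11 @@ cupsdAcceptClient(cupsd_listener_t *lis)/* I - Listener socket */
+/*
+* Can't have an unresolved IP address with double-lookups enabled...
+*/
+-
+- httpClose(con->http);
+-
+cupsdLogClient(con, CUPSD_LOG_WARN,
+- "Name lookup failed - connection from %s closed!",
++ "Name lookup failed - closing connection from %s!",
+httpGetHostname(con->http, NULL, 0));
+
++ httpClose(con->http);
+free(con);
+return;
+}
+@@ -235,11 +233,11 @@ cupsdAcceptClient(cupsd_listener_t *lis)/* I - Listener socket */
+* with double-lookups enabled...
+*/
+
+- httpClose(con->http);
+-
+cupsdLogClient(con, CUPSD_LOG_WARN,
+- "IP lookup failed - connection from %s closed!",
++ "IP lookup failed - closing connection from %s!",
+httpGetHostname(con->http, NULL, 0));
++
++ httpClose(con->http);
+free(con);
+return;
+}
+@@ -256,11 +254,11 @@ cupsdAcceptClient(cupsd_listener_t *lis)/* I - Listener socket */
+
+if (!hosts_access(&wrap_req))
+{
+- httpClose(con->http);
+-
+cupsdLogClient(con, CUPSD_LOG_WARN,
+"Connection from %s refused by /etc/hosts.allow and "
+"/etc/hosts.deny rules.", httpGetHostname(con->http, NULL, 0));
++
++ httpClose(con->http);
+free(con);
+return;
+}
+--
+2.25.1
+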
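Review bot: The ordering this fix relies on is not recorded in the code. In all three rejection branches of cupsdAcceptClient (name lookup failure, IP lookup failure, hosts_access refusal), cupsdLogClient() has to run before httpClose(con->http), because per the commit message httpGetHostname(con->http, NULL, 0) reads memory that httpClose frees. A short comment above each httpClose call, e.g. `/* Close only after logging: httpGetHostname() reads con->http, which httpClose() frees. */`, would keep a later tidy-up from moving the close back up and reintroducing the use-after-free. The function body starts and ends outside these hunks, so any other early-exit path that closes con->http before logging is not visible here and should be checked against the same rule.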
