| -rw-r--r-- | meta/recipes-extended/cups/cups.inc | 1 | ||||
| -rw-r--r-- | meta/recipes-extended/cups/cups/CVE-2023-34241.patch | 65 |
2 files changed, 66 insertions, 0 deletions
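--- a/meta/recipes-extended/cups/cups.inc
+++ b/meta/recipes-extended/cups/cups.inc
@@ -15,6 +15,7 @@ SRC_URI = "https://github.com/apple/cups/releases/download/v${PV}/${BP}-source.t
 file://0004-cups-fix-multilib-install-file-conflicts.patch\
 file://CVE-2022-26691.patch \
 file://CVE-2023-32324.patch \
+file://CVE-2023-34241.patch \
 "
 
 UPSTREAM_CHECK_URI = "https://github.com/apple/cups/releases"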
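--- /dev/null
+++ b/meta/recipes-extended/cups/cups/CVE-2023-34241.patch
@@ -0,0 +1,65 @@
+From ffd290b4ab247f82722927ba9b21358daa16dbf1 Mon Sep 17 00:00:00 2001
+From: Rose <83477269+AtariDreams@users.noreply.github.com>
+Date: Thu, 1 Jun 2023 11:33:39 -0400
+Subject: [PATCH] Log result of httpGetHostname BEFORE closing the connection
+
+httpClose frees the memory of con->http. This is problematic because httpGetHostname then tries to access the memory it points to.
+
+We have to log the hostname first.
+
+Upstream-Status: Backport [https://github.com/OpenPrinting/cups/commit/9809947a959e18409dcf562a3466ef246cb90cb2]
+CVE: CVE-2023-34241
+Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
+---
+scheduler/client.c | 16 +++++++---------
+1 file changed, 7 insertions(+), 9 deletions(-)
+
+diff --git a/scheduler/client.c b/scheduler/client.c
+index 91e441188c..327473a4d1 100644
+--- a/scheduler/client.c
++++ b/scheduler/client.c
+@@ -193,13 +193,11 @@ cupsdAcceptClient(cupsd_listener_t *lis)/* I - Listener socket */
+/*
+* Can't have an unresolved IP address with double-lookups enabled...
+*/
+-
+- httpClose(con->http);
+-
+cupsdLogClient(con, CUPSD_LOG_WARN,
+- "Name lookup failed - connection from %s closed!",
++ "Name lookup failed - closing connection from %s!",
+httpGetHostname(con->http, NULL, 0));
+
++ httpClose(con->http);
+free(con);
+return;
+}
+@@ -235,11 +233,11 @@ cupsdAcceptClient(cupsd_listener_t *lis)/* I - Listener socket */
+* with double-lookups enabled...
+*/
+
+- httpClose(con->http);
+-
+cupsdLogClient(con, CUPSD_LOG_WARN,
+- "IP lookup failed - connection from %s closed!",
++ "IP lookup failed - closing connection from %s!",
+httpGetHostname(con->http, NULL, 0));
++
++ httpClose(con->http);
+free(con);
+return;
+}
+@@ -256,11 +254,11 @@ cupsdAcceptClient(cupsd_listener_t *lis)/* I - Listener socket */
+
+if (!hosts_access(&wrap_req))
+{
+- httpClose(con->http);
+-
+cupsdLogClient(con, CUPSD_LOG_WARN,
+"Connection from %s refused by /etc/hosts.allow and "
+"/etc/hosts.deny rules.", httpGetHostname(con->http, NULL, 0));
++
++ httpClose(con->http);
+free(con);
+return;
+}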
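Review bot: None of the three rejection paths in cupsdAcceptClient (name lookup failure, IP lookup failure, hosts_access refusal) says in the code why cupsdLogClient() must run before httpClose(con->http). The ordering is the whole fix, since the patch description states that httpClose frees con->http and httpGetHostname then reads it, so a later tidy-up that moves the close back up would silently reintroduce the use-after-free. I would add a one-line comment above each relocated close, for example `/* httpGetHostname() reads con->http - log first, then close */`. The function body starts and ends outside these hunks, so whether other httpClose() calls in scheduler/client.c are followed by a use of the same pointer cannot be confirmed from here and is worth checking when this backport is applied.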
