Projects
Mega:24.03:SP1:Everything
cups
_service:tar_scm:backport-Fix-CVE-2024-35235.patch
Sign Up
Log In
Username
Password
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File _service:tar_scm:backport-Fix-CVE-2024-35235.patch of Package cups
From a436956f374b0fd7f5da9df482e4f5840fa1c0d2 Mon Sep 17 00:00:00 2001 From: Zdenek Dohnal <zdohnal@redhat.com> Date: Mon, 3 Jun 2024 18:53:58 +020 Subject: [PATCH] Fix domain socket handling Reference: https://github.com/OpenPrinting/cups/commit/a436956f374b0fd7f5da9df482e4f5840fa1c0d2 --- cups/http-addr.c | 37 +++++++++++++++++++------------------ scheduler/conf.c | 19 +++++++++++++++++++ 2 files changed, 38 insertions(+), 18 deletions(-) diff --git a/cups/http-addr.c b/cups/http-addr.c index 254857c..29a821f 100644 --- a/cups/http-addr.c +++ b/cups/http-addr.c @@ -210,27 +210,28 @@ httpAddrListen(http_addr_t *addr, /* I - Address to bind to */ * Remove any existing domain socket file... */ - unlink(addr->un.sun_path); - - /* - * Save the current umask and set it to 0 so that all users can access - * the domain socket... - */ - - mask = umask(0); - - /* - * Bind the domain socket... - */ + if ((status = unlink(addr->un.sun_path)) < 0) + { + DEBUG_printf(("1httpAddrListen: Unable to unlink \"%s\": %s", addr->un.sun_path, strerror(errno))); - status = bind(fd, (struct sockaddr *)addr, (socklen_t)httpAddrLength(addr)); + if (errno == ENOENT) + status = 0; + } - /* - * Restore the umask and fix permissions... - */ + if (!status) + { + // Save the current umask and set it to 0 so that all users can access + // the domain socket... + mask = umask(0); + // Bind the domain socket... + if ((status = bind(fd, (struct sockaddr *)addr, (socklen_t)httpAddrLength(addr))) < 0) + { + DEBUG_printf(("1httpAddrListen: Unable to bind domain socket \"%s\": %s", addr->un.sun_path, strerror(errno))); + } - umask(mask); - chmod(addr->un.sun_path, 0140777); + // Restore the umask... + umask(mask); + } } else #endif /* AF_LOCAL */ diff --git a/scheduler/conf.c b/scheduler/conf.c index 4fa7eb1..8e54c47 100644 --- a/scheduler/conf.c +++ b/scheduler/conf.c @@ -3082,6 +3082,25 @@ read_cupsd_conf(cups_file_t *fp) /* I - File to read from */ cupsd_listener_t *lis; /* New listeners array */ + /* + * If we are launched on-demand, do not use domain sockets from the config + * file. Also check that the domain socket path is not too long... + */ + +#ifdef HAVE_ONDEMAND + if (*value == '/' && OnDemand) + { + if (strcmp(value, CUPS_DEFAULT_DOMAINSOCKET)) + cupsdLogMessage(CUPSD_LOG_INFO, "Ignoring %s address %s at line %d - only using domain socket from launchd/systemd.", line, value, linenum); + continue; + } +#endif // HAVE_ONDEMAND + + if (*value == '/' && strlen(value) > (sizeof(addr->addr.un.sun_path) - 1)) + { + cupsdLogMessage(CUPSD_LOG_INFO, "Ignoring %s address %s at line %d - too long.", line, value, linenum); + continue; + } /* * Get the address list... -- 2.27.0
Locations
Projects
Search
Status Monitor
Help
Open Build Service
OBS Manuals
API Documentation
OBS Portal
Reporting a Bug
Contact
Mailing List
Forums
Chat (IRC)
Twitter
Open Build Service (OBS)
is an
openSUSE project
.
浙ICP备2022010568号-2