[cups/f19] Scheduler now blocks URLs containing embedded HTML (bug #1087123, STR #4356).

Jiří Popelka jpopelka at fedoraproject.org
Mon Apr 14 14:56:44 UTC 2014 

commit e0f1ac261a754c93f1ab6ecc14d2c7bd97e4e027
Author: Jiri Popelka <jpopelka at redhat.com>
Date:   Mon Apr 14 16:52:41 2014 +0200

    Scheduler now blocks URLs containing embedded HTML (bug #1087123, STR #4356).

 cups-str4356.patch |   29 +++++++++++++++++++++++++++++
 cups.spec          |    8 +++++++-
 2 files changed, 36 insertions(+), 1 deletions(-)
---
diff --git a/cups-str4356.patch b/cups-str4356.patch
new file mode 100644
index 0000000..4cbb260
--- /dev/null
+++ b/cups-str4356.patch
@@ -0,0 +1,29 @@
+From 1216300668307015a88efc6267a521eeab51e8e8 Mon Sep 17 00:00:00 2001
+From: msweet <msweet at a1ca3aef-8c08-0410-bb20-df032aa958be>
+Date: Wed, 19 Feb 2014 19:56:56 +0000
+Subject: [PATCH] Protect against HTML in the URL (STR #4356)
+
+git-svn-id: svn+ssh://src.apple.com/svn/cups/cups.org/trunk@11620 a1ca3aef-8c08-0410-bb20-df032aa958be
+---
+diff --git a/scheduler/client.c b/scheduler/client.c
+index 23fb713..9bb2305 100644
+--- a/scheduler/client.c
++++ b/scheduler/client.c
+@@ -3316,6 +3316,14 @@ is_path_absolute(const char *path)	/* I - Input path */
+     return (0);
+ 
+  /*
++  * Check for "<" or quotes in the path and reject since this is probably
++  * someone trying to inject HTML...
++  */
++
++  if (strchr(path, '<') != NULL || strchr(path, '\"') != NULL || strchr(path, '\'') != NULL)
++    return (0);
++
++ /*
+   * Check for "/.." in the path...
+   */
+ 
+-- 
+1.9.0
+
diff --git a/cups.spec b/cups.spec
index 0ef2192..8ff2104 100644
--- a/cups.spec
+++ b/cups.spec
@@ -11,7 +11,7 @@ Summary: CUPS printing system
 Name: cups
 Epoch: 1
 Version: 1.6.4
-Release: 4%{?dist}
+Release: 5%{?dist}
 License: GPLv2
 Group: System Environment/Daemons
 Url: http://www.cups.org/
@@ -73,6 +73,7 @@ Patch42: cups-avahi-browse.patch
 Patch43: cups-str4380.patch
 Patch44: cups-str4366.patch
 Patch45: cups-str4332.patch
+Patch46: cups-str4356.patch
 
 Patch100: cups-lspp.patch
 
@@ -279,6 +280,8 @@ Sends IPP requests to the specified URI and tests and/or displays the results.
 %patch44 -p1 -b .str4366
 # Track local default in cupsEnumDests() (STR #4332).
 %patch45 -p1 -b .str4332
+# Scheduler now blocks URLs containing embedded HTML (bug #1087123, STR #4356)
+%patch46 -p1 -b .str4356
 
 %if %lspp
 # LSPP support.
@@ -667,6 +670,9 @@ rm -f %{cups_serverbin}/backend/smb
 %{_mandir}/man5/ipptoolfile.5.gz
 
 %changelog
+* Mon Apr 14 2014 Jiri Popelka <jpopelka at redhat.com> - 1:1.6.4-5
+- Scheduler now blocks URLs containing embedded HTML (bug #1087123, STR #4356).
+
 * Tue Mar 11 2014 Tim Waugh <twaugh at redhat.com> - 1:1.6.4-4
 - Track local default in cupsEnumDests() (STR #4332).
 - Prevent feedback loop when fetching error_log over HTTP (STR #4366).

More information about the scm-commits mailing list