- Upstream fix for GNU TLS error handling bug (STR #3381).

Tim Waugh 2009-11-16 11:18:15 +00:00
parent 1ab3991a96
commit 516ea2440d
2 changed files with 214 additions and 1 deletions

208
cups-str3381.patch Normal file

@ -0,0 +1,208 @@
diff -up cups-1.4.2/CHANGES.txt.str3381 cups-1.4.2/CHANGES.txt
--- cups-1.4.2/CHANGES.txt.str3381 2009-11-09 23:01:17.000000000 +0000
+++ cups-1.4.2/CHANGES.txt 2009-11-16 10:55:21.518666538 +0000
@@ -1,6 +1,11 @@
-CHANGES.txt - 2009-11-09
+CHANGES.txt - 2009-11-13
------------------------
+CHANGES IN CUPS V1.4.3
+
+ - Fixed a GNU TLS error handling bug (STR #3381)
+
+
CHANGES IN CUPS V1.4.2
- SECURITY: The CUPS web interface was vulnerable to several XSS and
diff -up cups-1.4.2/cups/http.c.str3381 cups-1.4.2/cups/http.c
--- cups-1.4.2/cups/http.c.str3381 2009-07-01 16:23:28.000000000 +0100
+++ cups-1.4.2/cups/http.c 2009-11-16 10:55:21.520666380 +0000
@@ -26,7 +26,6 @@
* httpClearCookie() - Clear the cookie value(s).
* httpClearFields() - Clear HTTP request fields.
* httpClose() - Close an HTTP connection...
- * httpConnect() - Connect to a HTTP server.
* httpConnectEncrypt() - Connect to a HTTP server using encryption.
* _httpCreate() - Create an unconnected HTTP connection.
* httpDelete() - Send a DELETE request to the server.
@@ -721,7 +720,7 @@ httpGetField(http_t *http, /* I -
{
if (!http || field <= HTTP_FIELD_UNKNOWN || field >= HTTP_FIELD_MAX)
return (NULL);
- else if (field == HTTP_FIELD_AUTHORIZATION &&
+ else if (field == HTTP_FIELD_AUTHORIZATION &&
http->field_authorization)
{
/*
@@ -1137,7 +1136,7 @@ httpGets(char *line, /* I - Line to
http->activity = time(NULL);
*lineptr = '\0';
-
+
DEBUG_printf(("3httpGets: Returning \"%s\"", line));
return (line);
@@ -2283,7 +2282,7 @@ httpWait(http_t *http, /* I - Connecti
*
* @deprecated@
*/
-
+
int /* O - Number of bytes written */
httpWrite(http_t *http, /* I - Connection to server */
const char *buffer, /* I - Buffer for data */
@@ -2298,7 +2297,7 @@ httpWrite(http_t *http, /* I - Conn
*
* @since CUPS 1.2/Mac OS X 10.5@
*/
-
+
ssize_t /* O - Number of bytes written */
httpWrite2(http_t *http, /* I - Connection to server */
const char *buffer, /* I - Buffer for data */
@@ -2456,7 +2455,7 @@ _httpWriteCDSA(
else
{
*dataLength = 0;
-
+
if (errno == EAGAIN)
result = errSSLWouldBlock;
else
@@ -2517,7 +2516,7 @@ http_bio_ctrl(BIO *h, /* I - BIO data
}
else
return (0);
-
+
case BIO_CTRL_DUP :
case BIO_CTRL_FLUSH :
return (1);
@@ -2719,7 +2718,36 @@ http_read_ssl(http_t *http, /* I - Conn
return (SSL_read((SSL *)(http->tls), buf, len));
# elif defined(HAVE_GNUTLS)
- return (gnutls_record_recv(((http_tls_t *)(http->tls))->session, buf, len));
+ ssize_t result; /* Return value */
+
+
+ result = gnutls_record_recv(((http_tls_t *)(http->tls))->session, buf, len);
+
+ if (result < 0 && !errno)
+ {
+ /*
+ * Convert GNU TLS error to errno value...
+ */
+
+ switch (result)
+ {
+ case GNUTLS_E_INTERRUPTED :
+ errno = EINTR;
+ break;
+
+ case GNUTLS_E_AGAIN :
+ errno = EAGAIN;
+ break;
+
+ default :
+ errno = EPIPE;
+ break;
+ }
+
+ result = -1;
+ }
+
+ return ((int)result);
# elif defined(HAVE_CDSASSL)
int result; /* Return value */
@@ -2857,7 +2885,7 @@ http_send(http_t *http, /* I - Con
DEBUG_printf(("9http_send: %s: %s", http_fields[i],
httpGetField(http, i)));
- if (httpPrintf(http, "%s: %s\r\n", http_fields[i],
+ if (httpPrintf(http, "%s: %s\r\n", http_fields[i],
httpGetField(http, i)) < 1)
{
http->status = HTTP_ERROR;
@@ -2896,15 +2924,15 @@ http_send(http_t *http, /* I - Con
* The Kerberos and AuthRef authentication strings can only be used once...
*/
- if (http->field_authorization && http->authstring &&
- (!strncmp(http->authstring, "Negotiate", 9) ||
+ if (http->field_authorization && http->authstring &&
+ (!strncmp(http->authstring, "Negotiate", 9) ||
!strncmp(http->authstring, "AuthRef", 7)))
{
http->_authstring[0] = '\0';
if (http->authstring != http->_authstring)
free(http->authstring);
-
+
http->authstring = http->_authstring;
}
@@ -3220,7 +3248,7 @@ http_upgrade(http_t *http) /* I - Conne
/*
* 'http_write()' - Write a buffer to a HTTP connection.
*/
-
+
static int /* O - Number of bytes written */
http_write(http_t *http, /* I - Connection to server */
const char *buffer, /* I - Buffer for data */
@@ -3335,7 +3363,36 @@ http_write_ssl(http_t *http, /* I -
return (SSL_write((SSL *)(http->tls), buf, len));
# elif defined(HAVE_GNUTLS)
- return (gnutls_record_send(((http_tls_t *)(http->tls))->session, buf, len));
+ ssize_t result; /* Return value */
+
+ result = gnutls_record_send(((http_tls_t *)(http->tls))->session, buf, len);
+
+ if (result < 0 && !errno)
+ {
+ /*
+ * Convert GNU TLS error to errno value...
+ */
+
+ switch (result)
+ {
+ case GNUTLS_E_INTERRUPTED :
+ errno = EINTR;
+ break;
+
+ case GNUTLS_E_AGAIN :
+ errno = EAGAIN;
+ break;
+
+ default :
+ errno = EPIPE;
+ break;
+ }
+
+ result = -1;
+ }
+
+ return ((int)result);
+
# elif defined(HAVE_CDSASSL)
int result; /* Return value */
OSStatus error; /* Error info */
@@ -3358,11 +3415,11 @@ http_write_ssl(http_t *http, /* I -
else
{
result = -1;
- errno = EINTR;
+ errno = EINTR;
}
break;
default :
- errno = EPIPE;
+ errno = EPIPE;
result = -1;
break;
}
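Review bot: In the new HAVE_GNUTLS branches of http_read_ssl() and http_write_ssl(), the `result < 0 && !errno` test relies on an errno value that nothing visible clears before `gnutls_record_recv()` / `gnutls_record_send()` is called. If errno still holds a value from an earlier, unrelated failure, the GNU TLS code is not translated: the raw negative GNU TLS value is returned instead of -1 and the caller reads the stale errno, which could make a fatal TLS error look like a retryable EINTR/EAGAIN, or the reverse. Setting `errno = 0;` immediately before each call would make the check mean what it says. The `default :` case also folds every other GNU TLS failure into EPIPE, so a debug log of `gnutls_strerror((int)result)` before the switch would keep the real cause visible when diagnosing handshake or alert failures. Both function bodies start outside their hunks, so an earlier errno reset cannot be ruled out from here.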


@ -9,7 +9,7 @@
Summary: Common Unix Printing System
Name: cups
Version: 1.4.2
Release: 3%{?dist}
Release: 4%{?dist}
License: GPLv2
Group: System Environment/Daemons
Source: http://ftp.easysw.com/pub/cups/%{version}/cups-%{version}-source.tar.bz2
@ -54,6 +54,7 @@ Patch26: cups-str3382.patch
Patch27: cups-str3285_v2.patch
Patch28: cups-str3390.patch
Patch29: cups-str3391.patch
Patch30: cups-str3381.patch
Patch100: cups-lspp.patch
Epoch: 1
@ -212,6 +213,7 @@ module.
%patch27 -p1 -b .str3285_v2
%patch28 -p1 -b .str3390
%patch29 -p1 -b .str3391
%patch30 -p1 -b .str3381
%if %lspp
%patch100 -p1 -b .lspp
@ -509,6 +511,9 @@ rm -rf $RPM_BUILD_ROOT
%{php_extdir}/phpcups.so
%changelog
* Mon Nov 16 2009 Tim Waugh <twaugh@redhat.com> 1:1.4.2-4
- Upstream fix for GNU TLS error handling bug (STR #3381).
* Wed Nov 11 2009 Jiri Popelka <jpopelka@redhat.com> 1:1.4.2-3
- Fixed lspp-patch to avoid memory leak (bug #536741).