From d9071222ad11647030981ef327d3b68f2a8e8266 Mon Sep 17 00:00:00 2001
From: Zdenek Dohnal <zdohnal@redhat.com>
Date: Thu, 29 Jun 2023 09:37:33 +0200
Subject: [PATCH] CVE-2023-32324 cups: heap buffer overflow may lead to DoS

Resolves: CVE-2023-32324
---
 0001-cups-strlcpy-handle-zero-size.patch | 34 ++++++++++++++++++++++++
 cups.spec                                |  5 ++++
 2 files changed, 39 insertions(+)
 create mode 100644 0001-cups-strlcpy-handle-zero-size.patch

diff --git a/0001-cups-strlcpy-handle-zero-size.patch b/0001-cups-strlcpy-handle-zero-size.patch
new file mode 100644
index 0000000..397609c
--- /dev/null
+++ b/0001-cups-strlcpy-handle-zero-size.patch
@@ -0,0 +1,34 @@
+From 5e3107e734f06d410a490e8bc923dc3119f17671 Mon Sep 17 00:00:00 2001
+From: Michael R Sweet <michael.r.sweet@gmail.com>
+Date: Wed, 17 May 2023 12:59:57 -0400
+Subject: [PATCH] Consensus fix.
+
+---
+ cups/string.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/cups/string.c b/cups/string.c
+index 00454203c..b4fc12050 100644
+--- a/cups/string.c
++++ b/cups/string.c
+@@ -1,6 +1,7 @@
+ /*
+  * String functions for CUPS.
+  *
++ * Copyright © 2023 by OpenPrinting.
+  * Copyright © 2007-2019 by Apple Inc.
+  * Copyright © 1997-2007 by Easy Software Products.
+  *
+@@ -730,6 +731,9 @@ _cups_strlcpy(char       *dst,		/* O - Destination string */
+   size_t	srclen;			/* Length of source string */
+ 
+ 
++  if (size == 0)
++    return (0);
++
+  /*
+   * Figure out how much room is needed...
+   */
+-- 
+2.40.1
+
diff --git a/cups.spec b/cups.spec
index 34ff6ae..d564509 100644
--- a/cups.spec
+++ b/cups.spec
@@ -113,6 +113,8 @@ Patch32: 0001-Use-purge-job-instead-of-purge-jobs-when-canceling-a.patch
 Patch33: 0001-cups-http-addr.c-Set-listen-backlog-size-to-INT_MAX-.patch
 # CVE-2023-34241 cups: use-after-free in cupsdAcceptClient() in scheduler/client.c
 Patch34: 0001-Log-result-of-httpGetHostname-BEFORE-closing-the-con.patch
+# CVE-2023-32324 cups: heap buffer overflow may lead to DoS
+Patch35: 0001-cups-strlcpy-handle-zero-size.patch
 
 
 ##### Patches removed because IMHO they aren't no longer needed
@@ -357,6 +359,8 @@ to CUPS daemon. This solution will substitute printer drivers and raw queues in
 %patch33 -p1 -b .listen-backlog
 # CVE-2023-34241 cups: use-after-free in cupsdAcceptClient() in scheduler/client.c
 %patch34 -p1 -b .cve34241
+# CVE-2023-32324 cups: heap buffer overflow may lead to DoS
+%patch35 -p1 -b .cve32324
 
 %if %{lspp}
 # LSPP support.
@@ -782,6 +786,7 @@ rm -f %{cups_serverbin}/backend/smb
 %changelog
 * Thu Jun 29 2023 Zdenek Dohnal <zdohnal@redhat.com> - 1:2.3.3op2-19
 - CVE-2023-34241 cups: use-after-free in cupsdAcceptClient() in scheduler/client.c
+- CVE-2023-32324 cups: heap buffer overflow may lead to DoS
 
 * Wed Jun 28 2023 Zdenek Dohnal <zdohnal@redhat.com> - 1:2.3.3op2-19
 - 2217177 - Delays printing to lpd when reserved ports are exhausted