47 lines
1.5 KiB
Diff
47 lines
1.5 KiB
Diff
diff -up cups-2.2.6/cups/ipp.c.cve-2025-58364 cups-2.2.6/cups/ipp.c
|
|
--- cups-2.2.6/cups/ipp.c.cve-2025-58364 2025-10-22 10:15:10.072426099 +0200
|
|
+++ cups-2.2.6/cups/ipp.c 2025-10-22 10:20:00.117427768 +0200
|
|
@@ -3050,34 +3050,6 @@ ippReadIO(void *src, /* I - Data
|
|
*/
|
|
|
|
tag = (ipp_tag_t)buffer[0];
|
|
- if (tag == IPP_TAG_EXTENSION)
|
|
- {
|
|
- /*
|
|
- * Read 32-bit "extension" tag...
|
|
- */
|
|
-
|
|
- if ((*cb)(src, buffer, 4) < 1)
|
|
- {
|
|
- DEBUG_puts("1ippReadIO: Callback returned EOF/error");
|
|
- _cupsBufferRelease((char *)buffer);
|
|
- return (IPP_STATE_ERROR);
|
|
- }
|
|
-
|
|
- tag = (ipp_tag_t)((((((buffer[0] << 8) | buffer[1]) << 8) |
|
|
- buffer[2]) << 8) | buffer[3]);
|
|
-
|
|
- if (tag & IPP_TAG_CUPS_CONST)
|
|
- {
|
|
- /*
|
|
- * Fail if the high bit is set in the tag...
|
|
- */
|
|
-
|
|
- _cupsSetError(IPP_STATUS_ERROR_INTERNAL, _("IPP extension tag larger than 0x7FFFFFFF."), 1);
|
|
- DEBUG_printf(("1ippReadIO: bad tag 0x%x.", tag));
|
|
- _cupsBufferRelease((char *)buffer);
|
|
- return (IPP_STATE_ERROR);
|
|
- }
|
|
- }
|
|
|
|
if (tag == IPP_TAG_END)
|
|
{
|
|
@@ -3286,6 +3258,7 @@ ippReadIO(void *src, /* I - Data
|
|
|
|
if ((*cb)(src, buffer, (size_t)n) < n)
|
|
{
|
|
+ _cupsSetError(IPP_STATUS_ERROR_INTERNAL, _("Unable to read IPP attribute name."), 1);
|
|
DEBUG_puts("1ippReadIO: unable to read name.");
|
|
_cupsBufferRelease((char *)buffer);
|
|
return (IPP_STATE_ERROR);
|