35 lines
890 B
Diff
35 lines
890 B
Diff
|
From 7df31c8e0ee56992de4568287f9cd6d766b793cb Mon Sep 17 00:00:00 2001
|
||
|
|
From: Till Kamppeter <till.kamppeter@gmail.com>
|
||
|
|
Date: Tue, 24 Sep 2024 11:58:01 +0200
|
||
|
|
Subject: [PATCH] cfGetPrinterAttributes5(): Validate response attributes
|
||
|
|
before return
|
||
|
|
|
||
|
|
The destination can be corrupted or forged, so validate the response
|
||
|
|
to strenghten security measures.
|
||
|
|
---
|
||
|
|
cupsfilters/ipp.c | 8 ++++++++
|
||
|
|
1 file changed, 8 insertions(+)
|
||
|
|
|
||
|
|
diff --git a/cupsfilters/ipp.c b/cupsfilters/ipp.c
|
||
|
|
index 8d6a9b3d..db10cb3f 100644
|
||
|
|
--- a/cupsfilters/ipp.c
|
||
|
|
+++ b/cupsfilters/ipp.c
|
||
|
|
@@ -404,6 +404,14 @@ cfGetPrinterAttributes5(http_t *http_printer,
|
||
|
|
ippDelete(response2);
|
||
|
|
}
|
||
|
|
}
|
||
|
|
+
|
||
|
|
+ // Check if the response is valid
|
||
|
|
+ if (!ippValidateAttributes(response))
|
||
|
|
+ {
|
||
|
|
+ ippDelete(response);
|
||
|
|
+ response = NULL;
|
||
|
|
+ }
|
||
|
|
+
|
||
|
|
if (have_http == 0) httpClose(http_printer);
|
||
|
|
if (uri) free(uri);
|
||
|
|
return (response);
|
||
|
|
--
|
||
|
|
2.46.1
|
||
|
|
|