File cups-filters-1.28.17-CVE-2024-47175.patch of Package cups-filters
--- cups-filters-1.28.17.original/cupsfilters/ppdgenerator.c 2023-01-25 02:41:08.000000000 +0100
+++ cups-filters-1.28.17.patched/cupsfilters/ppdgenerator.c 2025-09-17 10:16:21.157012186 +0200
@@ -67,7 +67,7 @@
* than CUPS 2.2.x. We have also an additional test and development
* platform for this code. Taken from cups/ppd-cache.c,
* cups/string-private.h, cups/string.c.
- *
+ *
* The advantage of PPD generation instead of working with System V
* interface scripts is that the print dialogs of the clients do not
* need to ask the printer for its options via IPP. So we have access
@@ -92,6 +92,7 @@ typedef struct _pwg_finishings_s /**** P
static void pwg_ppdize_name(const char *ipp, char *name, size_t namesize);
static void pwg_ppdize_resolution(ipp_attribute_t *attr, int element,
int *xres, int *yres, char *name, size_t namesize);
+static void ppd_put_string(cups_file_t *fp, cups_lang_t *lang, const char *ppd_option, const char *ppd_choice, const char *pwg_msgid);
/*
* '_cupsSetError()' - Set the last PPD generator status-message.
@@ -1575,13 +1576,14 @@ ppdCreateFromIPP2(char *buffer,
DNS-SD) */
cups_array_t *conflicts, /* I - Array of constraints */
cups_array_t *sizes, /* I - Media sizes we've
- added */
+ added */
char* default_pagesize, /* I - Default page size*/
const char *default_cluster_color) /* I - cluster def
color (if cluster's
attributes are
returned) */
{
+ cups_lang_t *lang; // Localization language
cups_file_t *fp; /* PPD file */
cups_array_t *printer_sizes; /* Media sizes we've added */
cups_size_t *size; /* Current media size */
@@ -1593,9 +1595,10 @@ ppdCreateFromIPP2(char *buffer,
ipp_t *media_col, /* Media collection */
*media_size; /* Media size collection */
char make[256], /* Make and model */
- *model, /* Model name */
+ *mptr, // Pointer into make and model
ppdname[PPD_MAX_NAME];
/* PPD keyword */
+ const char *model; /* Model name */
int i, j, /* Looping vars */
count = 0, /* Number of values */
bottom, /* Largest bottom margin */
@@ -1622,8 +1625,6 @@ ppdCreateFromIPP2(char *buffer,
*current_def, /* Default resolution of current PDL */
*min_res, /* Minimum common resolution */
*max_res; /* Maximum common resolution */
- cups_lang_t *lang = cupsLangDefault();
- /* Localization info */
struct lconv *loc = localeconv();
/* Locale data */
cups_array_t *printer_opt_strings_catalog = NULL;
@@ -1675,6 +1676,70 @@ ppdCreateFromIPP2(char *buffer,
return (NULL);
}
+ //
+ // Get a sanitized make and model...
+ //
+
+ if ((attr = ippFindAttribute(response, "printer-make-and-model", IPP_TAG_TEXT)) != NULL && ippValidateAttribute(attr))
+ {
+ // Sanitize the model name to only contain PPD-safe characters.
+ strlcpy(make, ippGetString(attr, 0, NULL), sizeof(make));
+
+ for (mptr = make; *mptr; mptr ++)
+ {
+ if (*mptr < ' ' || *mptr >= 127 || *mptr == '\"')
+ {
+ // Truncate the make and model on the first bad character...
+ *mptr = '\0';
+ break;
+ }
+ }
+
+ while (mptr > make)
+ {
+ // Strip trailing whitespace...
+ mptr --;
+ if (*mptr == ' ')
+ *mptr = '\0';
+ else
+ break;
+ }
+
+ if (!make[0])
+ {
+ // Use a default make and model if nothing remains...
+ strlcpy(make, "Unknown", sizeof(make));
+ }
+ }
+ else
+ {
+ // Use a default make and model...
+ strlcpy(make, "Unknown", sizeof(make));
+ }
+
+ if (!strncasecmp(make, "Hewlett Packard ", 16) || !strncasecmp(make, "Hewlett-Packard ", 16))
+ {
+ // Normalize HP printer make and model...
+ model = make + 16;
+ strlcpy(make, "HP", sizeof(make));
+
+ if (!strncasecmp(model, "HP ", 3))
+ model += 3;
+ }
+ else if ((mptr = strchr(make, ' ')) != NULL)
+ {
+ // Separate "MAKE MODEL"...
+ while (*mptr && *mptr == ' ')
+ *mptr++ = '\0';
+
+ model = mptr;
+ }
+ else
+ {
+ // No separate model name...
+ model = "Printer";
+ }
+
/*
* Standard stuff for PPD file...
*/
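Review bot: The rewritten make/model block no longer falls back to `make_model`: the lines this patch removes further down used it when the response carried no printer-make-and-model, while the new `else` branch goes straight to `"Unknown"`. If that fallback is meant to stay, it needs the same character filter, because a caller-supplied string is no more trustworthy than the IPP attribute. One way is to add `else if (make_model && make_model[0]) strlcpy(make, make_model, sizeof(make));` and move the sanitising loop out of the first `if` so that it runs on whichever source filled `make`. The body of ppdCreateFromIPP2 starts and ends outside this hunk.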
@@ -1703,24 +1768,6 @@ ppdCreateFromIPP2(char *buffer,
}
}
- if ((attr = ippFindAttribute(response, "printer-make-and-model",
- IPP_TAG_TEXT)) != NULL)
- strlcpy(make, ippGetString(attr, 0, NULL), sizeof(make));
- else if (make_model && make_model[0] != '\0')
- strlcpy(make, make_model, sizeof(make));
- else
- strlcpy(make, "Unknown Printer", sizeof(make));
-
- if (!_cups_strncasecmp(make, "Hewlett Packard ", 16) ||
- !_cups_strncasecmp(make, "Hewlett-Packard ", 16)) {
- model = make + 16;
- strlcpy(make, "HP", sizeof(make));
- }
- else if ((model = strchr(make, ' ')) != NULL)
- *model++ = '\0';
- else
- model = make;
-
cupsFilePrintf(fp, "*Manufacturer: \"%s\"\n", make);
cupsFilePrintf(fp, "*ModelName: \"%s %s\"\n", make, model);
cupsFilePrintf(fp, "*Product: \"(%s %s)\"\n", make, model);
@@ -1818,21 +1865,20 @@ ppdCreateFromIPP2(char *buffer,
cupsFilePuts(fp, "*cupsLanguages: \"en\"\n");
if ((attr = ippFindAttribute(response, "printer-more-info", IPP_TAG_URI)) !=
- NULL)
+ NULL && ippValidateAttribute(attr))
cupsFilePrintf(fp, "*APSupplies: \"%s\"\n", ippGetString(attr, 0, NULL));
- if ((attr = ippFindAttribute(response, "printer-charge-info-uri",
- IPP_TAG_URI)) != NULL)
- cupsFilePrintf(fp, "*cupsChargeInfoURI: \"%s\"\n", ippGetString(attr, 0,
- NULL));
+ if ((attr = ippFindAttribute(response, "printer-charge-info-uri", IPP_TAG_URI)) != NULL && ippValidateAttribute(attr))
+ cupsFilePrintf(fp, "*cupsChargeInfoURI: \"%s\"\n", ippGetString(attr, 0, NULL));
/* Message catalogs for UI strings */
+ lang = cupsLangDefault();
if (opt_strings_catalog == NULL) {
opt_strings_catalog = optArrayNew();
load_opt_strings_catalog(NULL, opt_strings_catalog);
}
if ((attr = ippFindAttribute(response, "printer-strings-uri",
- IPP_TAG_URI)) != NULL) {
+ IPP_TAG_URI)) != NULL && ippValidateAttribute(attr)) {
printer_opt_strings_catalog = optArrayNew();
load_opt_strings_catalog(ippGetString(attr, 0, NULL),
printer_opt_strings_catalog);
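Review bot: `printer-more-info` and `printer-charge-info-uri` are still written verbatim inside a quoted PPD value (`"*APSupplies: \"%s\"\n"`, `"*cupsChargeInfoURI: \"%s\"\n"`) once `ippValidateAttribute(attr)` passes. ippValidateAttribute is defined outside this patch; if its URI check accepts a `"` character, the quoted value can still be closed early. Applying the filter the make/model code uses (reject `"`, control and non-ASCII bytes) before printing would not depend on what the validator allows. A short comment on each call stating which characters are assumed to be excluded would also help the next reader.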
@@ -1926,18 +1972,8 @@ ppdCreateFromIPP2(char *buffer,
if (attr) format = ippGetString(attr, i, NULL);
/* Add format to list of supported PDLs, skip duplicates */
if (!cupsArrayFind(pdl_list, (void *)format))
- cupsArrayAdd(pdl_list, (void *)format);
- if (attr)
- /* Next format in attribute */
- i ++;
- else {
- /* Find the next format in the string pdl, if there is none left,
- go to the terminating zero */
- while (!isspace(*format) && *format != ',' && *format != '\0')
- format ++;
while ((isspace(*format) || *format == ',') && *format != '\0')
format ++;
- }
}
}
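Review bot: On the new side nothing adds `format` to `pdl_list` and nothing advances `i`. The hunk deletes `cupsArrayAdd(pdl_list, (void *)format);` and the `if (attr) i ++;` branch, leaving the separator-skipping `while` as the body of `if (!cupsArrayFind(pdl_list, (void *)format))`. The loop header is outside the hunk, but if it iterates on `i < count` for the attribute case it would no longer terminate, and the PDL list would stay empty either way. This change is unrelated to the sanitising in the rest of the patch and looks like a mis-applied hunk; restoring the removed `cupsArrayAdd(...)`, `i ++` and the first `while (!isspace(*format) && ...)` is probably what was intended.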
@@ -2110,7 +2146,7 @@ ppdCreateFromIPP2(char *buffer,
if (manual_copies == 1)
cupsFilePuts(fp, "*cupsManualCopies: True\n");
- /* No resolution requirements by any of the supported PDLs?
+ /* No resolution requirements by any of the supported PDLs?
Use "printer-resolution-supported" attribute */
if (common_res == NULL) {
if ((attr = ippFindAttribute(response, "printer-resolution-supported",
@@ -2577,13 +2613,15 @@ ppdCreateFromIPP2(char *buffer,
break;
}
if (j >= 0)
- cupsFilePrintf(fp, "*InputSlot %s/%s: \"<</MediaPosition %d>>setpagedevice\"\n",
- ppdname, human_readable, j);
+ {
+ cupsFilePrintf(fp, "*InputSlot %s: \"<</MediaPosition %d>>setpagedevice\"\n", ppdname, j);
+ ppd_put_string(fp, lang, "InputSlot", ppdname, human_readable);
+ }
else
- cupsFilePrintf(fp, "*InputSlot %s%s%s: \"\"\n",
- ppdname,
- (human_readable ? "/" : ""),
- (human_readable ? human_readable : ""));
+ {
+ cupsFilePrintf(fp, "*InputSlot %s%s%s:\"\"\n", ppdname, human_readable ? "/" : "", human_readable ? human_readable : "");
+ ppd_put_string(fp, lang, "InputSlot", ppdname, human_readable);
+ }
}
cupsFilePuts(fp, "*CloseUI: *InputSlot\n");
}
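Review bot: The `else` branch still prints `human_readable` unescaped into the main keyword line via `"*InputSlot %s%s%s:\"\"\n"` and then writes it again through ppd_put_string, so the escaping this patch introduces is bypassed on that path. It should mirror the `j >= 0` branch: `cupsFilePrintf(fp, "*InputSlot %s: \"\"\n", ppdname);` followed by the existing ppd_put_string call. The rewritten format string also lost the space after the colon that the old line had. Where `human_readable` is assigned for this branch is outside the hunk; if it can come from the printer's strings catalogue it is untrusted input.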
@@ -2767,11 +2805,8 @@ ppdCreateFromIPP2(char *buffer,
human_readable = (char *)_cupsLangString(lang, media_types[j][1]);
break;
}
- cupsFilePrintf(fp, "*MediaType %s%s%s: \"<</MediaType(%s)>>setpagedevice\"\n",
- ppdname,
- (human_readable ? "/" : ""),
- (human_readable ? human_readable : ""),
- ppdname);
+ cupsFilePrintf(fp, "*MediaType %s: \"<</MediaType(%s)>>setpagedevice\"\n", ppdname, ppdname);
+ ppd_put_string(fp, lang, "MediaType", ppdname, human_readable);
}
cupsFilePuts(fp, "*CloseUI: *MediaType\n");
}
@@ -3204,11 +3239,8 @@ ppdCreateFromIPP2(char *buffer,
human_readable = lookup_option("output-bin", opt_strings_catalog,
printer_opt_strings_catalog);
- cupsFilePrintf(fp, "*OpenUI *OutputBin/%s: PickOne\n"
- "*OrderDependency: 10 AnySetup *OutputBin\n"
- "*DefaultOutputBin: %s\n",
- (human_readable ? human_readable : "Output Bin"),
- ppdname);
+ cupsFilePrintf(fp, "*OutputBin %s: \"\"\n", ppdname);
+ ppd_put_string(fp, lang, "OutputBin", ppdname, human_readable);
attr2 = ippFindAttribute(response, "printer-output-tray", IPP_TAG_STRING);
for (i = 0; i < count; i ++) {
keyword = ippGetString(attr, i, NULL);
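Review bot: The replacement drops the option header. The removed call wrote `*OpenUI *OutputBin/...: PickOne`, `*OrderDependency: 10 AnySetup *OutputBin` and `*DefaultOutputBin: %s`, while the new call writes a single choice line `*OutputBin %s: ""` ahead of the loop over the values. Unless those three lines are emitted elsewhere, the generated PPD has OutputBin choices with no opening OpenUI and no default. Keeping the header without the untrusted text would preserve the structure: `cupsFilePrintf(fp, "*OpenUI *OutputBin: PickOne\n*OrderDependency: 10 AnySetup *OutputBin\n*DefaultOutputBin: %s\n", ppdname);`. The loop that writes the individual choices continues outside the hunk.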
@@ -3466,9 +3498,8 @@ ppdCreateFromIPP2(char *buffer,
human_readable = (char *)_cupsLangString(lang, finishings[j][1]);
break;
}
- cupsFilePrintf(fp, "*StapleLocation %s%s%s: \"\"\n", ppd_keyword,
- (human_readable ? "/" : ""),
- (human_readable ? human_readable : ""));
+ cupsFilePrintf(fp, "*StapleLocation %s: \"\"\n", ppd_keyword);
+ ppd_put_string(fp, lang, "StapleLocation", ppd_keyword, human_readable);
cupsFilePrintf(fp, "*cupsIPPFinishings %d/%s: \"*StapleLocation %s\"\n",
value, keyword, ppd_keyword);
}
@@ -3559,9 +3590,8 @@ ppdCreateFromIPP2(char *buffer,
human_readable = (char *)_cupsLangString(lang, finishings[j][1]);
break;
}
- cupsFilePrintf(fp, "*FoldType %s%s%s: \"\"\n", ppd_keyword,
- (human_readable ? "/" : ""),
- (human_readable ? human_readable : ""));
+ cupsFilePrintf(fp, "*FoldType %s: \"\"\n", ppd_keyword);
+ ppd_put_string(fp, lang, "FoldType", ppd_keyword, human_readable);
cupsFilePrintf(fp, "*cupsIPPFinishings %d/%s: \"*FoldType %s\"\n",
value, keyword, ppd_keyword);
}
@@ -3659,9 +3689,8 @@ ppdCreateFromIPP2(char *buffer,
human_readable = (char *)_cupsLangString(lang, finishings[j][1]);
break;
}
- cupsFilePrintf(fp, "*PunchMedia %s%s%s: \"\"\n", ppd_keyword,
- (human_readable ? "/" : ""),
- (human_readable ? human_readable : ""));
+ cupsFilePrintf(fp, "*PunchMedia %s: \"\"\n", ppd_keyword);
+ ppd_put_string(fp, lang, "PunchMedia", ppd_keyword, human_readable);
cupsFilePrintf(fp, "*cupsIPPFinishings %d/%s: \"*PunchMedia %s\"\n",
value, keyword, ppd_keyword);
}
@@ -3800,8 +3829,9 @@ ppdCreateFromIPP2(char *buffer,
printer_opt_strings_catalog);
if (human_readable == NULL)
human_readable = (char *)keyword;
- cupsFilePrintf(fp, "*cupsFinishingTemplate %s/%s: \"\n", keyword,
- human_readable);
+ pwg_ppdize_name(keyword, ppdname, sizeof(ppdname));
+ cupsFilePrintf(fp, "*cupsFinishingTemplate %s: \"\n", ppdname);
+ ppd_put_string(fp, lang, "cupsFinishingTemplate", ppdname, human_readable);
for (finishing_attr = ippFirstAttribute(finishing_col); finishing_attr;
finishing_attr = ippNextAttribute(finishing_col)) {
if (ippGetValueTag(finishing_attr) == IPP_TAG_BEGIN_COLLECTION) {
@@ -4113,13 +4143,13 @@ ppdCreateFromIPP2(char *buffer,
if (!preset || !preset_name)
continue;
- if ((localized_name = lookup_option((char *)preset_name,
- opt_strings_catalog,
- printer_opt_strings_catalog)) == NULL)
- cupsFilePrintf(fp, "*APPrinterPreset %s: \"\n", preset_name);
- else
- cupsFilePrintf(fp, "*APPrinterPreset %s/%s: \"\n", preset_name,
- localized_name);
+ pwg_ppdize_name(preset_name, ppdname, sizeof(ppdname));
+
+ localized_name = lookup_option((char *)preset_name,
+ opt_strings_catalog,
+ printer_opt_strings_catalog);
+ cupsFilePrintf(fp, "*APPrinterPreset %s: \"\n", ppdname);
+ ppd_put_string(fp, lang, "APPrinterPreset", ppdname, localized_name);
for (member = ippFirstAttribute(preset); member;
member = ippNextAttribute(preset)) {
@@ -4160,7 +4190,10 @@ ppdCreateFromIPP2(char *buffer,
ippGetString(ippFindAttribute(fin_col,
"finishing-template",
IPP_TAG_ZERO), 0, NULL)) != NULL)
- cupsFilePrintf(fp, "*cupsFinishingTemplate %s\n", keyword);
+ {
+ pwg_ppdize_name(keyword, ppdname, sizeof(ppdname));
+ cupsFilePrintf(fp, "*cupsFinishingTemplate %s\n", ppdname);
+ }
}
} else if (!strcmp(member_name, "media")) {
/*
@@ -4193,14 +4226,14 @@ ppdCreateFromIPP2(char *buffer,
IPP_TAG_ZERO), 0,
NULL)) != NULL) {
pwg_ppdize_name(keyword, ppdname, sizeof(ppdname));
- cupsFilePrintf(fp, "*InputSlot %s\n", keyword);
+ cupsFilePrintf(fp, "*InputSlot %s\n", ppdname);
}
if ((keyword = ippGetString(ippFindAttribute(media_col, "media-type",
IPP_TAG_ZERO), 0,
NULL)) != NULL) {
pwg_ppdize_name(keyword, ppdname, sizeof(ppdname));
- cupsFilePrintf(fp, "*MediaType %s\n", keyword);
+ cupsFilePrintf(fp, "*MediaType %s\n", ppdname);
}
} else if (!strcmp(member_name, "print-quality")) {
/*
@@ -4509,4 +4542,35 @@ pwg_ppdize_resolution(
snprintf(name, namesize, "%dx%ddpi", *xres, *yres);
}
}
+
+
+/*
+ * 'ppd_put_strings()' - Write localization attributes to a PPD file.
+ */
+
+static void
+ppd_put_string(cups_file_t *fp, /* I - PPD file */
+ cups_lang_t *lang, /* I - Language */
+ const char *ppd_option,/* I - PPD option */
+ const char *ppd_choice,/* I - PPD choice */
+ const char *text) /* I - Localized text */
+{
+ if (!text)
+ return;
+
+ // Add the first line of localized text...
+ cupsFilePrintf(fp, "*%s.%s %s/", lang->language, ppd_option, ppd_choice);
+
+ while (*text && *text != '\n')
+ {
+ // Escape ":" and "<"...
+ if (*text == ':' || *text == '<')
+ cupsFilePrintf(fp, "<%02X>", *text);
+ else
+ cupsFilePutChar(fp, *text);
+
+ text ++;
+ }
+ cupsFilePuts(fp, ": \"\"\n");
+}
#endif /* HAVE_CUPS_1_6 */
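Review bot: The copy loop in ppd_put_string stops only at `'\n'` and escapes only `:` and `<`, so a `'\r'` or any other control byte in `text` is written through to the PPD line. If the PPD reader accepts CR as a line ending, a localized string could still end the line early. Treating every byte below `' '` as a terminator, for example `while (*text && (unsigned char)*text >= ' ')`, would close that gap. `lang->language` is also dereferenced without a NULL check, so the function relies on `cupsLangDefault()` never returning NULL; `if (!text || !lang) return;` would make that explicit. The header comment names `'ppd_put_strings()'` and the prototype calls the last parameter `pwg_msgid` while the definition uses `text`; both should match the definition.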