Overview

File cups-2.2.7-CVE-2024-47175.patch of Package cups.40432

From d681747ebf12602cb426725eb8ce2753211e2477 Mon Sep 17 00:00:00 2001
From: Zdenek Dohnal <zdohnal@redhat.com>
Date: Thu, 26 Sep 2024 23:12:14 +0200
Subject: [PATCH] Prevent PPD generation based on invalid IPP response

Author: Mike Sweet
Minor fixes: Zdenek Dohnal

Fixes CVE-2024-47175
---
 ppd/ppd-cache.c     |  17 ++-
 1 files changed, 176 insertions(+), 98 deletions(-)

Index: cups-2.2.7/cups/ppd-cache.c
===================================================================
--- cups-2.2.7.orig/cups/ppd-cache.c
+++ cups-2.2.7/cups/ppd-cache.c
@@ -4392,7 +4392,7 @@ pwg_ppdize_name(const char *ipp,	/* I -
 	*end;				/* End of name buffer */
 
 
-  if (!ipp)
+  if (!ipp || !_cups_isalnum(*ipp))
   {
     *name = '\0';
     return;
@@ -4402,13 +4402,19 @@ pwg_ppdize_name(const char *ipp,	/* I -
 
   for (ptr = name + 1, end = name + namesize - 1; *ipp && ptr < end;)
   {
-    if (*ipp == '-' && _cups_isalnum(ipp[1]))
+    if (*ipp == '-' && isalnum(ipp[1]))
     {
       ipp ++;
       *ptr++ = (char)toupper(*ipp++ & 255);
     }
-    else
+    else if (*ipp == '_' || *ipp == '.' || *ipp == '-' || isalnum(*ipp))
+    {
       *ptr++ = *ipp++;
+    }
+    else
+    {
+      ipp ++;
+    }
   }
 
   *ptr = '\0';
openSUSE Build Service is sponsored by
Places