File cups-2.2.7-CVE-2024-35235.patch of Package cups.34762
--- cups/http-addr.c.orig 2018-03-23 04:48:36.000000000 +0100
+++ cups/http-addr.c 2024-05-28 08:56:50.780902345 +0200
@@ -198,31 +198,29 @@ httpAddrListen(http_addr_t *addr, /* I -
{
mode_t mask; /* Umask setting */
- /*
- * Remove any existing domain socket file...
- */
-
- unlink(addr->un.sun_path);
-
- /*
- * Save the current umask and set it to 0 so that all users can access
- * the domain socket...
- */
-
- mask = umask(0);
-
- /*
- * Bind the domain socket...
- */
-
- status = bind(fd, (struct sockaddr *)addr, (socklen_t)httpAddrLength(addr));
-
- /*
- * Restore the umask and fix permissions...
- */
-
- umask(mask);
- chmod(addr->un.sun_path, 0140777);
+ // Remove any existing domain socket file...
+ if ((status = unlink(addr->un.sun_path)) < 0)
+ {
+ DEBUG_printf(("1httpAddrListen: Unable to unlink \"%s\": %s", addr->un.sun_path, strerror(errno)));
+ if (errno == ENOENT)
+ status = 0;
+ }
+
+ if (!status)
+ {
+ // Save the current umask and set it to 0 so that all users can access
+ // the domain socket...
+ mask = umask(0);
+
+ // Bind the domain socket...
+ if ((status = bind(fd, (struct sockaddr *)addr, (socklen_t)httpAddrLength(addr))) < 0)
+ {
+ DEBUG_printf(("1httpAddrListen: Unable to bind domain socket \"%s\": %s", addr->un.sun_path, strerror(errno)));
+ }
+
+ // Restore the umask...
+ umask(mask);
+ }
}
else
#endif /* AF_LOCAL */
--- scheduler/conf.c.orig 2018-03-23 04:48:36.000000000 +0100
+++ scheduler/conf.c 2024-05-29 14:20:16.415485676 +0200
@@ -3073,6 +3073,15 @@ read_cupsd_conf(cups_file_t *fp) /* I -
cupsd_listener_t *lis; /* New listeners array */
+ /*
+ * Check that the domain socket path is not too long...
+ */
+
+ if (*value == '/' && strlen(value) > (sizeof(addr->addr.un.sun_path) - 1))
+ {
+ cupsdLogMessage(CUPSD_LOG_INFO, "Ignoring %s address %s at line %d - too long.", line, value, linenum);
+ continue;
+ }
/*
* Get the address list...
