File cups-filters-1.25.0-0002-beh-backend-Extra-checks-against-odd-forged-input-CVE-2023-24805.patch of Package cups-filters.29003
--- backend/beh.c.patched.0001-beh-backend-Use-execv-instead-of-system-CVE-2023-248 2023-05-15 16:06:14.493385265 +0200
+++ backend/beh.c 2023-05-15 16:32:17.990249265 +0200
@@ -222,16 +222,30 @@ call_backend(char *uri,
wait_pid,
wait_status,
retval = 0;
+ int bytes;
/*
* Build the backend command line...
*/
+ scheme[0] = '\0';
strncpy(scheme, uri, sizeof(scheme));
- if (strlen(uri) > 1023)
- scheme[1023] = '\0';
+ if (strlen(uri) > sizeof(scheme) - 1)
+ scheme[sizeof(scheme) - 1] = '\0';
if ((ptr = strchr(scheme, ':')) != NULL)
*ptr = '\0';
+ else
+ {
+ fprintf(stderr,
+ "ERROR: beh: Invalid URI, no colon (':') to mark end of scheme part.\n");
+ exit (CUPS_BACKEND_FAILED);
+ }
+ if (strchr(scheme, '/'))
+ {
+ fprintf(stderr,
+ "ERROR: beh: Invalid URI, scheme contains a slash ('/').\n");
+ exit (CUPS_BACKEND_FAILED);
+ }
if ((cups_serverbin = getenv("CUPS_SERVERBIN")) == NULL)
cups_serverbin = CUPS_SERVERBIN;
@@ -251,8 +265,15 @@ call_backend(char *uri,
backend_argv[6] = filename;
backend_argv[7] = NULL;
- snprintf(backend_path, sizeof(backend_path),
- "%s/backend/%s", cups_serverbin, scheme);
+ bytes = snprintf(backend_path, sizeof(backend_path),
+ "%s/backend/%s", cups_serverbin, scheme);
+ if (bytes < 0 || bytes >= sizeof(backend_path))
+ {
+ fprintf(stderr,
+ "ERROR: beh: Invalid scheme (\"%s\"), could not determing backend path.\n",
+ scheme);
+ exit (CUPS_BACKEND_FAILED);
+ }
/*
* Overwrite the device URI and run the actual backend...