diff options
| author | Michael R Sweet <michael.r.sweet@gmail.com> | 2018-06-04 16:17:31 -0400 |
|---|---|---|
| committer | Michael R Sweet <michael.r.sweet@gmail.com> | 2018-06-05 14:46:49 -0400 |
| commit | fd32084d401800ee2ecb2f4806e71a349ca8f728 (patch) | |
| tree | d4b788a58d73cd2d05b81e348823d08a663cb393 | |
| parent | ac9e295f235d0d654597a53e34476dbcdbf6efb2 (diff) | |
| download | cups-fd32084d401800ee2ecb2f4806e71a349ca8f728.tar.gz | |
Block invalid group tags when parsing IPP messages.
| -rw-r--r-- | CHANGES.md | 5 | ||||
| -rwxr-xr-x | configure | 20 | ||||
| -rw-r--r-- | configure.ac | 2 | ||||
| -rw-r--r-- | cups/ipp.c | 7 | ||||
| -rw-r--r-- | cups/testipp.c | 2 |
5 files changed, 22 insertions, 14 deletions
diff --git a/CHANGES.md b/CHANGES.md index 7739a3fc4..6e46c5652 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -1,7 +1,7 @@ -CHANGES - 2.3rc1 - 2018-05-11 +CHANGES - 2.3b5 - 2018-06-04 ============================= -Changes in CUPS v2.3rc1 +Changes in CUPS v2.3b5 ----------------------- - The `ipptool` program no longer checks for duplicate attributes when running @@ -18,6 +18,7 @@ Changes in CUPS v2.3rc1 - Documentation updates (Issue #5299, Issue #5301, Issue #5306) - Fax queues did not support pause (p) or wait-for-dialtone (w) characters (rdar://39212256) +- The IPP parser allowed invalid group tags (rdar://40442124) - Fixed a parsing bug in the new authentication code. @@ -1,6 +1,6 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.68 for CUPS 2.3b4. +# Generated by GNU Autoconf 2.68 for CUPS 2.3b5. # # Report bugs to <https://github.com/apple/cups/issues>. # @@ -560,8 +560,8 @@ MAKEFLAGS= # Identity of this package. PACKAGE_NAME='CUPS' PACKAGE_TARNAME='cups' -PACKAGE_VERSION='2.3b4' -PACKAGE_STRING='CUPS 2.3b4' +PACKAGE_VERSION='2.3b5' +PACKAGE_STRING='CUPS 2.3b5' PACKAGE_BUGREPORT='https://github.com/apple/cups/issues' PACKAGE_URL='https://www.cups.org/' @@ -1455,7 +1455,7 @@ if test "$ac_init_help" = "long"; then # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures CUPS 2.3b4 to adapt to many kinds of systems. +\`configure' configures CUPS 2.3b5 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -1520,7 +1520,7 @@ fi if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of CUPS 2.3b4:";; + short | recursive ) echo "Configuration of CUPS 2.3b5:";; esac cat <<\_ACEOF @@ -1697,7 +1697,7 @@ fi test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF -CUPS configure 2.3b4 +CUPS configure 2.3b5 generated by GNU Autoconf 2.68 Copyright (C) 2010 Free Software Foundation, Inc. @@ -2161,7 +2161,7 @@ cat >config.log <<_ACEOF This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by CUPS $as_me 2.3b4, which was +It was created by CUPS $as_me 2.3b5, which was generated by GNU Autoconf 2.68. Invocation command line was $ $0 $@ @@ -2636,7 +2636,7 @@ fi ac_config_headers="$ac_config_headers config.h" -CUPS_VERSION="2.3b4" +CUPS_VERSION="2.3b5" CUPS_REVISION="" CUPS_BUILD="cups-$CUPS_VERSION" @@ -10586,7 +10586,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by CUPS $as_me 2.3b4, which was +This file was extended by CUPS $as_me 2.3b5, which was generated by GNU Autoconf 2.68. Invocation command line was CONFIG_FILES = $CONFIG_FILES @@ -10649,7 +10649,7 @@ _ACEOF cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" ac_cs_version="\\ -CUPS config.status 2.3b4 +CUPS config.status 2.3b5 configured by $0, generated by GNU Autoconf 2.68, with options \\"\$ac_cs_config\\" diff --git a/configure.ac b/configure.ac index c502d6471..d3423e7e1 100644 --- a/configure.ac +++ b/configure.ac @@ -12,7 +12,7 @@ dnl We need at least autoconf 2.60... AC_PREREQ(2.60) dnl Package name and version... -AC_INIT([CUPS], [2.3b4], [https://github.com/apple/cups/issues], [cups], [https://www.cups.org/]) +AC_INIT([CUPS], [2.3b5], [https://github.com/apple/cups/issues], [cups], [https://www.cups.org/]) sinclude(config-scripts/cups-opsys.m4) sinclude(config-scripts/cups-common.m4) diff --git a/cups/ipp.c b/cups/ipp.c index 7e3b06dd4..714c2e522 100644 --- a/cups/ipp.c +++ b/cups/ipp.c @@ -3084,6 +3084,13 @@ ippReadIO(void *src, /* I - Data source */ ipp->state = IPP_STATE_DATA; break; } + else if (tag == IPP_TAG_ZERO || (tag == IPP_TAG_OPERATION && ipp->curtag != IPP_TAG_ZERO)) + { + _cupsSetError(IPP_STATUS_ERROR_INTERNAL, _("Invalid group tag."), 1); + DEBUG_printf(("1ippReadIO: bad tag 0x%02x.", tag)); + _cupsBufferRelease((char *)buffer); + return (IPP_STATE_ERROR); + } else if (tag < IPP_TAG_UNSUPPORTED_VALUE) { /* diff --git a/cups/testipp.c b/cups/testipp.c index 0a9024f1f..6dd192da9 100644 --- a/cups/testipp.c +++ b/cups/testipp.c @@ -738,7 +738,7 @@ main(int argc, /* I - Number of command-line arguments */ if (state != IPP_STATE_DATA) { - printf("Error reading IPP message from \"%s\".\n", argv[i]); + printf("Error reading IPP message from \"%s\": %s\n", argv[i], cupsLastErrorString()); status = 1; ippDelete(request); |