diff options
| author | Steve Algernon <salgernon@apple.com> | 2022-05-25 11:36:12 -0700 |
|---|---|---|
| committer | Steve Algernon <salgernon@apple.com> | 2022-05-25 14:13:34 -0700 |
| commit | 0bc9dc4658c26920a3f66da7dd234be463ca572e (patch) | |
| tree | a2e794baef4d50a55bb8d69ee9679cfb3aba3a12 | |
| parent | 696f74ae67a56ccb9362cc9a1f63fbc197e89875 (diff) | |
| download | cups-0bc9dc4658c26920a3f66da7dd234be463ca572e.tar.gz | |
CVE-2022-26691: An incorrect comparison in local admin authentication
| -rw-r--r-- | scheduler/cert.c | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/scheduler/cert.c b/scheduler/cert.c index 258e8fc83..2a28b568f 100644 --- a/scheduler/cert.c +++ b/scheduler/cert.c @@ -434,5 +434,9 @@ ctcompare(const char *a, /* I - First string */ b ++; } + // either both *a and *b == '\0', or one points inside a string, + // so factor that in. + result |= (*a ^ *b); + return (result); } |