author | Michael R Sweet <michael.r.sweet@gmail.com> | 2019-08-15 14:06:47 -0400 |
---|---|---|
committer | Michael R Sweet <michael.r.sweet@gmail.com> | 2019-08-15 14:06:47 -0400 |
commit | 2c030c7a06e0c2b8227c7e85f5c58dfb339731d0 (patch) | |
tree | 87e6adc4798757791b2782935ad5f06132283456 /scheduler | |
parent | d784ca2f837b6c221d97ec0850b7020d13db75a5 (diff) | |
download | cups-2c030c7a06e0c2b8227c7e85f5c58dfb339731d0.tar.gz |
Multiple security/disclosure issues:
- CVE-2019-8696 and CVE-2019-8675: Fixed SNMP buffer overflows (rdar://51685251)
- Fixed IPP buffer overflow (rdar://50035411)
- Fixed memory disclosure issue in the scheduler (rdar://51373853)
- Fixed DoS issues in the scheduler (rdar://51373929)
Diffstat (limited to 'scheduler')
-rw-r--r-- | scheduler/client.c | 23 |
1 files changed, 12 insertions, 11 deletions
diff --git a/scheduler/client.c b/scheduler/client.c index 923a6e67a..f693e7c49 100644 --- a/scheduler/client.c +++ b/scheduler/client.c @@ -564,6 +564,17 @@ cupsdReadClient(cupsd_client_t *con) /* I - Client to read from */ cupsdLogClient(con, CUPSD_LOG_DEBUG2, "cupsdReadClient: error=%d, used=%d, state=%s, data_encoding=HTTP_ENCODING_%s, data_remaining=" CUPS_LLFMT ", request=%p(%s), file=%d", httpError(con->http), (int)httpGetReady(con->http), httpStateString(httpGetState(con->http)), httpIsChunked(con->http) ? "CHUNKED" : "LENGTH", CUPS_LLCAST httpGetRemaining(con->http), con->request, con->request ? ippStateString(ippGetState(con->request)) : "", con->file); + if (httpError(con->http) == EPIPE && !httpGetReady(con->http) && recv(httpGetFd(con->http), buf, 1, MSG_PEEK) < 1) + { + /* + * Connection closed... + */ + + cupsdLogClient(con, CUPSD_LOG_DEBUG, "Closing on EOF."); + cupsdCloseClient(con); + return; + } + if (httpGetState(con->http) == HTTP_STATE_GET_SEND || httpGetState(con->http) == HTTP_STATE_POST_SEND || httpGetState(con->http) == HTTP_STATE_STATUS) @@ -573,17 +584,6 @@ cupsdReadClient(cupsd_client_t *con) /* I - Client to read from */ * connection and we need to shut it down... */ - if (!httpGetReady(con->http) && recv(httpGetFd(con->http), buf, 1, MSG_PEEK) < 1) - { - /* - * Connection closed... - */ - - cupsdLogClient(con, CUPSD_LOG_DEBUG, "Closing on EOF."); - cupsdCloseClient(con); - return; - } - cupsdLogClient(con, CUPSD_LOG_DEBUG, "Closing on unexpected HTTP read state %s.", httpStateString(httpGetState(con->http))); cupsdCloseClient(con); return; @@ -1950,6 +1950,7 @@ cupsdSendError(cupsd_client_t *con, /* I - Connection */ strlcpy(location, httpGetField(con->http, HTTP_FIELD_LOCATION), sizeof(location)); httpClearFields(con->http); + httpClearCookie(con->http); httpSetField(con->http, HTTP_FIELD_LOCATION, location); |
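Review bot: The relocated EOF check in cupsdReadClient still treats every `recv(httpGetFd(con->http), buf, 1, MSG_PEEK)` result below 1 as end-of-file, so a -1 from an interrupted or would-block peek closes the client and is logged as `Closing on EOF.` exactly like an orderly shutdown. Judging by the first two hunks, the check now runs ahead of the state test instead of only inside the wrong-state branch, so it would be safer to keep the result and close only on `n == 0 || (n < 0 && errno != EINTR && errno != EAGAIN)`, and to put the errno in the debug message so the log separates a peer close from a socket error. The comment `Connection closed...` also does not say why the test is gated on `httpError(con->http) == EPIPE`; one sentence on that would help the next reader. `buf` and the rest of the function lie outside the hunk, so this assumes `buf` is an ordinary local byte buffer.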
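Review bot: The added `httpClearCookie(con->http);` in cupsdSendError carries no comment, and next to `httpClearFields(con->http);` it reads as redundant unless the reader already knows the cookie is not reset by that call (inferred from this change, not visible here). A short comment such as `/* httpClearFields() does not reset the cookie; clear it before building the error response */` would keep a later cleanup from dropping the line. It is also worth confirming whether other response paths that call `httpClearFields()` before sending need the same call; only this one site is visible, and cupsdSendError continues outside the hunk.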