rpms / cups

Clone
Source Code
GIT

Blame SOURCES/cups-CVE-2014-2856.patch

c4 c5 c5-plus c6 c6-plus c7 c7-alt c7-beta c8 c8-beta c8s c9 c9-beta
  1.   5e704158657f7e31e3871077034d1393a782dd0b
  2.   SOURCES
  3.   cups-CVE-2014-2856.patch
Blob History Raw
5e7041 
diff -up cups-1.6.3/scheduler/client.c.CVE-2014-2856 cups-1.6.3/scheduler/client.c
5e7041 
--- cups-1.6.3/scheduler/client.c.CVE-2014-2856	2014-07-25 12:11:48.054960093 +0100
5e7041 
+++ cups-1.6.3/scheduler/client.c	2014-07-25 12:11:27.764854789 +0100
5e7041 
@@ -3686,6 +3686,14 @@ is_path_absolute(const char *path)	/* I
5e7041 
     return (0);
5e7041
5e7041 
  /*
5e7041 
+  * Check for "<" or quotes in the path and reject since this is probably
5e7041 
+  * someone trying to inject HTML...
5e7041 
+  */
5e7041 
+
5e7041 
+  if (strchr(path, '<') != NULL || strchr(path, '\"') != NULL || strchr(path, '\'') != NULL)
5e7041 
+    return (0);
5e7041 
+
5e7041 
+ /*
5e7041 
   * Check for "/.." in the path...
5e7041 
   */
5e7041

Powered by Pagure 5.13.3

SSH Hostkey/Fingerprint | Documentation