rpms / cups

Clone
Source Code
GIT

Blame SOURCES/cups-CVE-2014-2856.patch

c4 c5 c5-plus c6 c6-plus c7 c7-alt c7-beta c8 c8-beta c8s c9 c9-beta
  1.   c5086f300714d93d88b67f1d9a80003c370cc19b
  2.   SOURCES
  3.   cups-CVE-2014-2856.patch
Blob History Raw
c5086f 
diff -up cups-1.6.3/scheduler/client.c.CVE-2014-2856 cups-1.6.3/scheduler/client.c
c5086f 
--- cups-1.6.3/scheduler/client.c.CVE-2014-2856	2014-07-25 12:11:48.054960093 +0100
c5086f 
+++ cups-1.6.3/scheduler/client.c	2014-07-25 12:11:27.764854789 +0100
c5086f 
@@ -3686,6 +3686,14 @@ is_path_absolute(const char *path)	/* I
c5086f 
     return (0);
c5086f
c5086f 
  /*
c5086f 
+  * Check for "<" or quotes in the path and reject since this is probably
c5086f 
+  * someone trying to inject HTML...
c5086f 
+  */
c5086f 
+
c5086f 
+  if (strchr(path, '<') != NULL || strchr(path, '\"') != NULL || strchr(path, '\'') != NULL)
c5086f 
+    return (0);
c5086f 
+
c5086f 
+ /*
c5086f 
   * Check for "/.." in the path...
c5086f 
   */
c5086f

Powered by Pagure 5.13.3

SSH Hostkey/Fingerprint | Documentation