cups/patches/cups-1.2.12-CVE-2007-4045.patch

diff -up cups-1.2.4/scheduler/client.c.CVE-2007-4045 cups-1.2.4/scheduler/client.c
--- cups-1.2.4/scheduler/client.c.CVE-2007-4045	2007-10-30 09:51:04.000000000 +0000
+++ cups-1.2.4/scheduler/client.c	2007-10-30 10:07:10.000000000 +0000
@@ -105,6 +105,25 @@ static int		write_file(cupsd_client_t *c
 				   struct stat *filestats);
 
 
+void
+_cupsdFixClientsBIO(void)
+{
+#ifdef HAVE_LIBSSL
+  cupsd_client_t *c;
+  BIO *bio;
+  cupsArraySave (Clients);
+  for (c = (cupsd_client_t *)cupsArrayFirst(Clients);
+       c;
+       c = (cupsd_client_t *)cupsArrayNext(Clients))
+  {
+    bio = SSL_get_wbio(c->http.tls);
+    BIO_ctrl(bio, BIO_C_SET_FILE_PTR, 0, (char *)HTTP(c));
+  }
+  cupsArrayRestore (Clients);
+#endif
+}
+
+
 /*
  * 'cupsdAcceptClient()' - Accept a new client.
  */
@@ -438,6 +457,7 @@ cupsdAcceptClient(cupsd_listener_t *lis)
   }
 
   cupsArrayAdd(Clients, con);
+  _cupsdFixClientsBIO();
 
   cupsdLogMessage(CUPSD_LOG_DEBUG2,
                   "cupsdAcceptClient: %d connected to server on %s:%d",
@@ -729,6 +749,7 @@ cupsdCloseClient(cupsd_client_t *con)	/*
     */
 
     cupsArrayRemove(Clients, con);
+    _cupsdFixClientsBIO();
 
     free(con);
   }
diff -up cups-1.2.4/scheduler/main.c.CVE-2007-4045 cups-1.2.4/scheduler/main.c
--- cups-1.2.4/scheduler/main.c.CVE-2007-4045	2007-10-30 09:51:04.000000000 +0000
+++ cups-1.2.4/scheduler/main.c	2007-10-30 09:51:05.000000000 +0000
@@ -948,7 +948,7 @@ main(int  argc,				/* I - Number of comm
       * Write data as needed...
       */
 
-      if (con->pipe_pid && FD_ISSET(con->file, input))
+      if (con->pipe_pid && con->file >= 0 && FD_ISSET(con->file, input))
       {
        /*
         * Keep track of pending input from the file/pipe separately

1	niro	435	diff -up cups-1.2.4/scheduler/client.c.CVE-2007-4045 cups-1.2.4/scheduler/client.c
2			--- cups-1.2.4/scheduler/client.c.CVE-2007-4045 2007-10-30 09:51:04.000000000 +0000
3			+++ cups-1.2.4/scheduler/client.c 2007-10-30 10:07:10.000000000 +0000
4			@@ -105,6 +105,25 @@ static int write_file(cupsd_client_t *c
5			struct stat *filestats);
6
7
8			+void
9			+_cupsdFixClientsBIO(void)
10			+{
11			+#ifdef HAVE_LIBSSL
12			+ cupsd_client_t *c;
13			+ BIO *bio;
14			+ cupsArraySave (Clients);
15			+ for (c = (cupsd_client_t *)cupsArrayFirst(Clients);
16			+ c;
17			+ c = (cupsd_client_t *)cupsArrayNext(Clients))
18			+ {
19			+ bio = SSL_get_wbio(c->http.tls);
20			+ BIO_ctrl(bio, BIO_C_SET_FILE_PTR, 0, (char *)HTTP(c));
21			+ }
22			+ cupsArrayRestore (Clients);
23			+#endif
24			+}
25			+
26			+
27			/*
28			* 'cupsdAcceptClient()' - Accept a new client.
29			*/
30			@@ -438,6 +457,7 @@ cupsdAcceptClient(cupsd_listener_t *lis)
31			}
32
33			cupsArrayAdd(Clients, con);
34			+ _cupsdFixClientsBIO();
35
36			cupsdLogMessage(CUPSD_LOG_DEBUG2,
37			"cupsdAcceptClient: %d connected to server on %s:%d",
38			@@ -729,6 +749,7 @@ cupsdCloseClient(cupsd_client_t con) /
39			*/
40
41			cupsArrayRemove(Clients, con);
42			+ _cupsdFixClientsBIO();
43
44			free(con);
45			}
46			diff -up cups-1.2.4/scheduler/main.c.CVE-2007-4045 cups-1.2.4/scheduler/main.c
47			--- cups-1.2.4/scheduler/main.c.CVE-2007-4045 2007-10-30 09:51:04.000000000 +0000
48			+++ cups-1.2.4/scheduler/main.c 2007-10-30 09:51:05.000000000 +0000
49			@@ -948,7 +948,7 @@ main(int argc, /* I - Number of comm
50			* Write data as needed...
51			*/
52
53			- if (con->pipe_pid && FD_ISSET(con->file, input))
54			+ if (con->pipe_pid && con->file >= 0 && FD_ISSET(con->file, input))
55			{
56			/*
57			* Keep track of pending input from the file/pipe separately
58