Contents of /trunk/cups/patches/cups-1.2.12-CVE-2007-4045.patch
Parent Directory | Revision Log
Revision 435 -
(show annotations)
(download)
Wed Dec 19 16:14:13 2007 UTC (16 years, 9 months ago) by niro
File size: 1737 byte(s)
Wed Dec 19 16:14:13 2007 UTC (16 years, 9 months ago) by niro
File size: 1737 byte(s)
-security fixes
1 | diff -up cups-1.2.4/scheduler/client.c.CVE-2007-4045 cups-1.2.4/scheduler/client.c |
2 | --- cups-1.2.4/scheduler/client.c.CVE-2007-4045 2007-10-30 09:51:04.000000000 +0000 |
3 | +++ cups-1.2.4/scheduler/client.c 2007-10-30 10:07:10.000000000 +0000 |
4 | @@ -105,6 +105,25 @@ static int write_file(cupsd_client_t *c |
5 | struct stat *filestats); |
6 | |
7 | |
8 | +void |
9 | +_cupsdFixClientsBIO(void) |
10 | +{ |
11 | +#ifdef HAVE_LIBSSL |
12 | + cupsd_client_t *c; |
13 | + BIO *bio; |
14 | + cupsArraySave (Clients); |
15 | + for (c = (cupsd_client_t *)cupsArrayFirst(Clients); |
16 | + c; |
17 | + c = (cupsd_client_t *)cupsArrayNext(Clients)) |
18 | + { |
19 | + bio = SSL_get_wbio(c->http.tls); |
20 | + BIO_ctrl(bio, BIO_C_SET_FILE_PTR, 0, (char *)HTTP(c)); |
21 | + } |
22 | + cupsArrayRestore (Clients); |
23 | +#endif |
24 | +} |
25 | + |
26 | + |
27 | /* |
28 | * 'cupsdAcceptClient()' - Accept a new client. |
29 | */ |
30 | @@ -438,6 +457,7 @@ cupsdAcceptClient(cupsd_listener_t *lis) |
31 | } |
32 | |
33 | cupsArrayAdd(Clients, con); |
34 | + _cupsdFixClientsBIO(); |
35 | |
36 | cupsdLogMessage(CUPSD_LOG_DEBUG2, |
37 | "cupsdAcceptClient: %d connected to server on %s:%d", |
38 | @@ -729,6 +749,7 @@ cupsdCloseClient(cupsd_client_t *con) /* |
39 | */ |
40 | |
41 | cupsArrayRemove(Clients, con); |
42 | + _cupsdFixClientsBIO(); |
43 | |
44 | free(con); |
45 | } |
46 | diff -up cups-1.2.4/scheduler/main.c.CVE-2007-4045 cups-1.2.4/scheduler/main.c |
47 | --- cups-1.2.4/scheduler/main.c.CVE-2007-4045 2007-10-30 09:51:04.000000000 +0000 |
48 | +++ cups-1.2.4/scheduler/main.c 2007-10-30 09:51:05.000000000 +0000 |
49 | @@ -948,7 +948,7 @@ main(int argc, /* I - Number of comm |
50 | * Write data as needed... |
51 | */ |
52 | |
53 | - if (con->pipe_pid && FD_ISSET(con->file, input)) |
54 | + if (con->pipe_pid && con->file >= 0 && FD_ISSET(con->file, input)) |
55 | { |
56 | /* |
57 | * Keep track of pending input from the file/pipe separately |
58 |