cups/patches/cups-1.2.12-CVE-2007-4045.patch

diff -up cups-1.2.4/scheduler/client.c.CVE-2007-4045 cups-1.2.4/scheduler/client.c
--- cups-1.2.4/scheduler/client.c.CVE-2007-4045	2007-10-30 09:51:04.000000000 +0000
+++ cups-1.2.4/scheduler/client.c	2007-10-30 10:07:10.000000000 +0000
@@ -105,6 +105,25 @@ static int		write_file(cupsd_client_t *c
 				   struct stat *filestats);
 
 
+void
+_cupsdFixClientsBIO(void)
+{
+#ifdef HAVE_LIBSSL
+  cupsd_client_t *c;
+  BIO *bio;
+  cupsArraySave (Clients);
+  for (c = (cupsd_client_t *)cupsArrayFirst(Clients);
+       c;
+       c = (cupsd_client_t *)cupsArrayNext(Clients))
+  {
+    bio = SSL_get_wbio(c->http.tls);
+    BIO_ctrl(bio, BIO_C_SET_FILE_PTR, 0, (char *)HTTP(c));
+  }
+  cupsArrayRestore (Clients);
+#endif
+}
+
+
 /*
  * 'cupsdAcceptClient()' - Accept a new client.
  */
@@ -438,6 +457,7 @@ cupsdAcceptClient(cupsd_listener_t *lis)
   }
 
   cupsArrayAdd(Clients, con);
+  _cupsdFixClientsBIO();
 
   cupsdLogMessage(CUPSD_LOG_DEBUG2,
                   "cupsdAcceptClient: %d connected to server on %s:%d",
@@ -729,6 +749,7 @@ cupsdCloseClient(cupsd_client_t *con)	/*
     */
 
     cupsArrayRemove(Clients, con);
+    _cupsdFixClientsBIO();
 
     free(con);
   }
diff -up cups-1.2.4/scheduler/main.c.CVE-2007-4045 cups-1.2.4/scheduler/main.c
--- cups-1.2.4/scheduler/main.c.CVE-2007-4045	2007-10-30 09:51:04.000000000 +0000
+++ cups-1.2.4/scheduler/main.c	2007-10-30 09:51:05.000000000 +0000
@@ -948,7 +948,7 @@ main(int  argc,				/* I - Number of comm
       * Write data as needed...
       */
 
-      if (con->pipe_pid && FD_ISSET(con->file, input))
+      if (con->pipe_pid && con->file >= 0 && FD_ISSET(con->file, input))
       {
        /*
         * Keep track of pending input from the file/pipe separately

1	diff -up cups-1.2.4/scheduler/client.c.CVE-2007-4045 cups-1.2.4/scheduler/client.c
2	--- cups-1.2.4/scheduler/client.c.CVE-2007-4045 2007-10-30 09:51:04.000000000 +0000
3	+++ cups-1.2.4/scheduler/client.c 2007-10-30 10:07:10.000000000 +0000
4	@@ -105,6 +105,25 @@ static int write_file(cupsd_client_t *c
5	struct stat *filestats);
6
7
8	+void
9	+_cupsdFixClientsBIO(void)
10	+{
11	+#ifdef HAVE_LIBSSL
12	+ cupsd_client_t *c;
13	+ BIO *bio;
14	+ cupsArraySave (Clients);
15	+ for (c = (cupsd_client_t *)cupsArrayFirst(Clients);
16	+ c;
17	+ c = (cupsd_client_t *)cupsArrayNext(Clients))
18	+ {
19	+ bio = SSL_get_wbio(c->http.tls);
20	+ BIO_ctrl(bio, BIO_C_SET_FILE_PTR, 0, (char *)HTTP(c));
21	+ }
22	+ cupsArrayRestore (Clients);
23	+#endif
24	+}
25	+
26	+
27	/*
28	* 'cupsdAcceptClient()' - Accept a new client.
29	*/
30	@@ -438,6 +457,7 @@ cupsdAcceptClient(cupsd_listener_t *lis)
31	}
32
33	cupsArrayAdd(Clients, con);
34	+ _cupsdFixClientsBIO();
35
36	cupsdLogMessage(CUPSD_LOG_DEBUG2,
37	"cupsdAcceptClient: %d connected to server on %s:%d",
38	@@ -729,6 +749,7 @@ cupsdCloseClient(cupsd_client_t con) /
39	*/
40
41	cupsArrayRemove(Clients, con);
42	+ _cupsdFixClientsBIO();
43
44	free(con);
45	}
46	diff -up cups-1.2.4/scheduler/main.c.CVE-2007-4045 cups-1.2.4/scheduler/main.c
47	--- cups-1.2.4/scheduler/main.c.CVE-2007-4045 2007-10-30 09:51:04.000000000 +0000
48	+++ cups-1.2.4/scheduler/main.c 2007-10-30 09:51:05.000000000 +0000
49	@@ -948,7 +948,7 @@ main(int argc, /* I - Number of comm
50	* Write data as needed...
51	*/
52
53	- if (con->pipe_pid && FD_ISSET(con->file, input))
54	+ if (con->pipe_pid && con->file >= 0 && FD_ISSET(con->file, input))
55	{
56	/*
57	* Keep track of pending input from the file/pipe separately
58