diff options
author | Natanael Copa <ncopa@alpinelinux.org> | 2014-08-21 07:33:50 +0000 |
---|---|---|
committer | Natanael Copa <ncopa@alpinelinux.org> | 2014-08-21 07:33:50 +0000 |
commit | 0dabf557b83072a583dfb8c316048783039fe34e (patch) | |
tree | 178e89b1e9d9b51eb0d12e32067cc6b6187d7e03 /main/cups/CVE-2014-5029_5030_5031.patch | |
parent | 8ed8bf5e79c29b662ee26b6ba0895c891101f1d4 (diff) | |
download | aports-0dabf557b83072a583dfb8c316048783039fe34e.tar.bz2 aports-0dabf557b83072a583dfb8c316048783039fe34e.tar.xz |
main/cups: security fix (CVE-2014-3537,CVE-2014-5029,5030,5031)
Diffstat (limited to 'main/cups/CVE-2014-5029_5030_5031.patch')
-rw-r--r-- | main/cups/CVE-2014-5029_5030_5031.patch | 89 |
1 files changed, 89 insertions, 0 deletions
diff --git a/main/cups/CVE-2014-5029_5030_5031.patch b/main/cups/CVE-2014-5029_5030_5031.patch new file mode 100644 index 0000000000..d80768a92a --- /dev/null +++ b/main/cups/CVE-2014-5029_5030_5031.patch @@ -0,0 +1,89 @@ +Index: scheduler/client.c +=================================================================== +--- ./scheduler/client.c (revision 12054) ++++ ./scheduler/client.c (working copy) +@@ -3310,7 +3310,7 @@ + * then fallback to the default one... + */ + +- if ((status = stat(filename, filestats)) != 0 && language[0] && ++ if ((status = lstat(filename, filestats)) != 0 && language[0] && + strncmp(con->uri, "/icons/", 7) && + strncmp(con->uri, "/ppd/", 5) && + strncmp(con->uri, "/rss/", 5) && +@@ -3408,13 +3408,13 @@ + plen = len - (ptr - filename); + + strlcpy(ptr, "index.html", plen); +- status = stat(filename, filestats); ++ status = lstat(filename, filestats); + + #ifdef HAVE_JAVA + if (status) + { + strlcpy(ptr, "index.class", plen); +- status = stat(filename, filestats); ++ status = lstat(filename, filestats); + } + #endif /* HAVE_JAVA */ + +@@ -3422,7 +3422,7 @@ + if (status) + { + strlcpy(ptr, "index.pl", plen); +- status = stat(filename, filestats); ++ status = lstat(filename, filestats); + } + #endif /* HAVE_PERL */ + +@@ -3430,7 +3430,7 @@ + if (status) + { + strlcpy(ptr, "index.php", plen); +- status = stat(filename, filestats); ++ status = lstat(filename, filestats); + } + #endif /* HAVE_PHP */ + +@@ -3438,18 +3438,39 @@ + if (status) + { + strlcpy(ptr, "index.pyc", plen); +- status = stat(filename, filestats); ++ status = lstat(filename, filestats); + } + + if (status) + { + strlcpy(ptr, "index.py", plen); +- status = stat(filename, filestats); ++ status = lstat(filename, filestats); + } + #endif /* HAVE_PYTHON */ + + } + while (status && language[0]); ++ ++ /* ++ * If we've found a symlink, 404 the sucker to avoid disclosing information. ++ */ ++ ++ if (!status && S_ISLNK(filestats->st_mode)) ++ { ++ cupsdLogMessage(CUPSD_LOG_INFO, "[Client %d] Symlinks such as \"%s\" are not allowed.", con->http.fd, filename); ++ return (NULL); ++ } ++ ++ /* ++ * Similarly, if the file/directory does not have world read permissions, do ++ * not allow access... ++ */ ++ ++ if (!status && !(filestats->st_mode & S_IROTH)) ++ { ++ cupsdLogMessage(CUPSD_LOG_INFO, "[Client %d] Files/directories such as \"%s\" must be world-readable.", con->http.fd, filename); ++ return (NULL); ++ } + } + + cupsdLogMessage(CUPSD_LOG_DEBUG2, |