diff options
Diffstat (limited to 'meta/recipes-extended/cups/cups/CVE-2023-4504.patch')
-rw-r--r-- | meta/recipes-extended/cups/cups/CVE-2023-4504.patch | 40 |
1 files changed, 40 insertions, 0 deletions
diff --git a/meta/recipes-extended/cups/cups/CVE-2023-4504.patch b/meta/recipes-extended/cups/cups/CVE-2023-4504.patch new file mode 100644 index 0000000000..be0db1fbd4 --- /dev/null +++ b/meta/recipes-extended/cups/cups/CVE-2023-4504.patch @@ -0,0 +1,40 @@ +From a9a7daa77699bd58001c25df8a61a8029a217ddf Mon Sep 17 00:00:00 2001 +From: Zdenek Dohnal <zdohnal@redhat.com> +Date: Fri, 1 Sep 2023 16:47:29 +0200 +Subject: [PATCH] raster-interpret.c: Fix CVE-2023-4504 + +We didn't check for end of buffer if it looks there is an escaped +character - check for NULL terminator there and if found, return NULL +as return value and in `ptr`, because a lone backslash is not +a valid PostScript character. + +Upstream-Status: Backport [https://github.com/OpenPrinting/cups/commit/2431caddb7e6a87f04ac90b5c6366ad268b6ff31] +CVE: CVE-2023-4504 +Signed-off-by: Vijay Anusuri <vanusuri@mvista.com> +--- + cups/raster-interpret.c | 14 +++++++++++++- + 1 file changed, 13 insertions(+), 1 deletion(-) + +--- a/cups/raster-interpret.c ++++ b/cups/raster-interpret.c +@@ -1113,7 +1113,19 @@ scan_ps(_cups_ps_stack_t *st, /* I - S + + cur ++; + +- if (*cur == 'b') ++ /* ++ * Return NULL if we reached NULL terminator, a lone backslash ++ * is not a valid character in PostScript. ++ */ ++ ++ if (!*cur) ++ { ++ *ptr = NULL; ++ ++ return (NULL); ++ } ++ ++ if (*cur == 'b') + *valptr++ = '\b'; + else if (*cur == 'f') + *valptr++ = '\f'; |