|
| 1 | +From 192f5bd1b197e577b2332d4fdc8038c6b2993d6e Mon Sep 17 00:00:00 2001 |
| 2 | +From: kavyasree <kkaitepalli@microsoft.com> |
| 3 | +Date: Thu, 21 Nov 2024 13:46:00 +0530 |
| 4 | +Subject: [PATCH] Fix CVE-2024-35235 |
| 5 | + |
| 6 | +--- |
| 7 | + cups/http-addr.c | 37 +++++++++++++++++++------------------ |
| 8 | + scheduler/conf.c | 20 ++++++++++++++++++++ |
| 9 | + 2 files changed, 39 insertions(+), 18 deletions(-) |
| 10 | + |
| 11 | +diff --git a/cups/http-addr.c b/cups/http-addr.c |
| 12 | +index 8e81c6f..d65d4cc 100644 |
| 13 | +--- a/cups/http-addr.c |
| 14 | ++++ b/cups/http-addr.c |
| 15 | +@@ -199,28 +199,29 @@ httpAddrListen(http_addr_t *addr, /* I - Address to bind to */ |
| 16 | + /* |
| 17 | + * Remove any existing domain socket file... |
| 18 | + */ |
| 19 | ++ if ((status = unlink(addr->un.sun_path)) < 0) |
| 20 | ++ { |
| 21 | ++ DEBUG_printf("1httpAddrListen: Unable to unlink \"%s\": %s", addr->un.sun_path, strerror(errno)); |
| 22 | + |
| 23 | +- unlink(addr->un.sun_path); |
| 24 | +- |
| 25 | +- /* |
| 26 | +- * Save the current umask and set it to 0 so that all users can access |
| 27 | +- * the domain socket... |
| 28 | +- */ |
| 29 | +- |
| 30 | +- mask = umask(0); |
| 31 | +- |
| 32 | +- /* |
| 33 | +- * Bind the domain socket... |
| 34 | +- */ |
| 35 | + |
| 36 | +- status = bind(fd, (struct sockaddr *)addr, (socklen_t)httpAddrLength(addr)); |
| 37 | ++ if (errno == ENOENT) |
| 38 | ++ status = 0; |
| 39 | ++ } |
| 40 | + |
| 41 | +- /* |
| 42 | +- * Restore the umask and fix permissions... |
| 43 | +- */ |
| 44 | ++ if (!status) |
| 45 | ++ { |
| 46 | ++ // Save the current umask and set it to 0 so that all users can access |
| 47 | ++ // the domain socket... |
| 48 | ++ mask = umask(0); |
| 49 | + |
| 50 | +- umask(mask); |
| 51 | +- chmod(addr->un.sun_path, 0140777); |
| 52 | ++ // Bind the domain socket... |
| 53 | ++ if ((status = bind(fd, (struct sockaddr *)addr, (socklen_t)httpAddrLength(addr))) < 0) |
| 54 | ++ { |
| 55 | ++ DEBUG_printf("1httpAddrListen: Unable to bind domain socket \"%s\": %s", addr->un.sun_path, strerror(errno)); |
| 56 | ++ } |
| 57 | ++ // Restore the umask... |
| 58 | ++ umask(mask); |
| 59 | ++ } |
| 60 | + } |
| 61 | + else |
| 62 | + #endif /* AF_LOCAL */ |
| 63 | +diff --git a/scheduler/conf.c b/scheduler/conf.c |
| 64 | +index 74531a8..180ef9b 100644 |
| 65 | +--- a/scheduler/conf.c |
| 66 | ++++ b/scheduler/conf.c |
| 67 | +@@ -3071,6 +3071,26 @@ read_cupsd_conf(cups_file_t *fp) /* I - File to read from */ |
| 68 | + cupsd_listener_t *lis; /* New listeners array */ |
| 69 | + |
| 70 | + |
| 71 | ++ /* |
| 72 | ++ * If we are launched on-demand, do not use domain sockets from the config |
| 73 | ++ * file. Also check that the domain socket path is not too long... |
| 74 | ++ */ |
| 75 | ++ |
| 76 | ++#ifdef HAVE_ONDEMAND |
| 77 | ++ if (*value == '/' && OnDemand) |
| 78 | ++ { |
| 79 | ++ if (strcmp(value, CUPS_DEFAULT_DOMAINSOCKET)) |
| 80 | ++ cupsdLogMessage(CUPSD_LOG_INFO, "Ignoring %s address %s at line %d - only using domain socket from launchd/systemd.", line, value, linenum); |
| 81 | ++ continue; |
| 82 | ++ } |
| 83 | ++#endif // HAVE_ONDEMAND |
| 84 | ++ |
| 85 | ++ if (*value == '/' && strlen(value) > (sizeof(addr->addr.un.sun_path) - 1)) |
| 86 | ++ { |
| 87 | ++ cupsdLogMessage(CUPSD_LOG_INFO, "Ignoring %s address %s at line %d - too long.", line, value, linenum); |
| 88 | ++ continue; |
| 89 | ++ } |
| 90 | ++ |
| 91 | + /* |
| 92 | + * Get the address list... |
| 93 | + */ |
| 94 | +-- |
| 95 | +2.34.1 |
| 96 | + |
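Review bot: In the cups/http-addr.c hunk, `errno` is tested against `ENOENT` only after the `DEBUG_printf` call, so in a debug build the logging path (including `strerror`) could overwrite it and change whether a failed `unlink` is treated as harmless. Capturing it first removes that ordering dependency: `int unlink_errno = errno;` before the log, then `if (unlink_errno == ENOENT) status = 0;`. Both added `DEBUG_printf` calls use the single-parenthesis variadic form; if the CUPS release this patch is applied to still defines the macro with one parameter, these lines will not preprocess and need the `DEBUG_printf((...))` form, which is worth confirming against the packaged source. In the scheduler/conf.c hunk, ignored `Listen` entries (on-demand, or path too long) are reported only at `CUPSD_LOG_INFO`, so an operator may never see that a configured socket was dropped; `CUPSD_LOG_WARN` would make it visible at default log levels. httpAddrListen and read_cupsd_conf both begin and end outside the hunks shown.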