diff options
Diffstat (limited to 'meta/recipes-extended/cups/cups/CVE-2023-4504.patch')
-rw-r--r-- | meta/recipes-extended/cups/cups/CVE-2023-4504.patch | 42 |
1 files changed, 42 insertions, 0 deletions
diff --git a/meta/recipes-extended/cups/cups/CVE-2023-4504.patch b/meta/recipes-extended/cups/cups/CVE-2023-4504.patch new file mode 100644 index 0000000000..e52e43a209 --- /dev/null +++ b/meta/recipes-extended/cups/cups/CVE-2023-4504.patch @@ -0,0 +1,42 @@ +CVE: CVE-2023-4504 +Upstream-Status: Backport [https://github.com/OpenPrinting/cups/commit/2431caddb7e6a87f04ac90b5c6366ad268b6ff31 ] +Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com> + +From 2431caddb7e6a87f04ac90b5c6366ad268b6ff31 Mon Sep 17 00:00:00 2001 +From: Zdenek Dohnal <zdohnal@redhat.com> +Date: Wed, 20 Sep 2023 14:45:17 +0200 +Subject: [PATCH] raster-interpret.c: Fix CVE-2023-4504 + +We didn't check for end of buffer if it looks there is an escaped +character - check for NULL terminator there and if found, return NULL +as return value and in `ptr`, because a lone backslash is not +a valid PostScript character. +--- + cups/raster-interpret.c | 14 +++++++++++++- + 1 files changed, 13 insertions(+), 1 deletion(-) + +diff --git a/cups/raster-interpret.c b/cups/raster-interpret.c +index 6fcf731b5..b8655c8c6 100644 +--- a/cups/raster-interpret.c ++++ b/cups/raster-interpret.c +@@ -1116,7 +1116,19 @@ scan_ps(_cups_ps_stack_t *st, /* I - Stack */ + + cur ++; + +- if (*cur == 'b') ++ /* ++ * Return NULL if we reached NULL terminator, a lone backslash ++ * is not a valid character in PostScript. ++ */ ++ ++ if (!*cur) ++ { ++ *ptr = NULL; ++ ++ return (NULL); ++ } ++ ++ if (*cur == 'b') + *valptr++ = '\b'; + else if (*cur == 'f') + *valptr++ = '\f'; |