Fix domain socket handling
(cherry picked from commit 3ebc07758d76473d64f70b9183ce85c74c8642fc)
This commit is contained in:
baiguo
openeuler-sync-bot
parent
7b8dcfbdde
commit
f0174c8c86
99
backport-Fix-CVE-2024-35235.patch
Normal file
99
backport-Fix-CVE-2024-35235.patch
Normal file
@ -0,0 +1,99 @@
|
||||
From a436956f374b0fd7f5da9df482e4f5840fa1c0d2 Mon Sep 17 00:00:00 2001
|
||||
From: Zdenek Dohnal <zdohnal@redhat.com>
|
||||
Date: Mon, 3 Jun 2024 18:53:58 +020
|
||||
Subject: [PATCH] Fix domain socket handling
|
||||
Reference: https://github.com/OpenPrinting/cups/commit/a436956f374b0fd7f5da9df482e4f5840fa1c0d2
|
||||
|
||||
---
|
||||
cups/http-addr.c | 40 +++++++++++++++++++---------------------
|
||||
scheduler/conf.c | 19 +++++++++++++++++++
|
||||
2 files changed, 38 insertions(+), 21 deletions(-)
|
||||
|
||||
diff --git a/cups/http-addr.c b/cups/http-addr.c
|
||||
index 1926188..b806fbc 100644
|
||||
--- a/cups/http-addr.c
|
||||
+++ b/cups/http-addr.c
|
||||
@@ -206,31 +206,29 @@ httpAddrListen(http_addr_t *addr, /* I - Address to bind to */
|
||||
{
|
||||
mode_t mask; /* Umask setting */
|
||||
|
||||
- /*
|
||||
- * Remove any existing domain socket file...
|
||||
- */
|
||||
-
|
||||
- unlink(addr->un.sun_path);
|
||||
-
|
||||
- /*
|
||||
- * Save the current umask and set it to 0 so that all users can access
|
||||
- * the domain socket...
|
||||
- */
|
||||
-
|
||||
- mask = umask(0);
|
||||
+ if ((status = unlink(addr->un.sun_path)) < 0)
|
||||
+ {
|
||||
+ DEBUG_printf(("1httpAddrListen: Unable to unlink \"%s\": %s", addr->un.sun_path, strerror(errno)));
|
||||
|
||||
- /*
|
||||
- * Bind the domain socket...
|
||||
- */
|
||||
+ if (errno == ENOENT)
|
||||
+ status = 0;
|
||||
+ }
|
||||
|
||||
- status = bind(fd, (struct sockaddr *)addr, (socklen_t)httpAddrLength(addr));
|
||||
+ if (!status)
|
||||
+ {
|
||||
+ // Save the current umask and set it to 0 so that all users can access
|
||||
+ // the domain socket...
|
||||
+ mask = umask(0);
|
||||
|
||||
- /*
|
||||
- * Restore the umask and fix permissions...
|
||||
- */
|
||||
+ // Bind the domain socket...
|
||||
+ if ((status = bind(fd, (struct sockaddr *)addr, (socklen_t)httpAddrLength(addr))) < 0)
|
||||
+ {
|
||||
+ DEBUG_printf(("1httpAddrListen: Unable to bind domain socket \"%s\": %s", addr->un.sun_path, strerror(errno)));
|
||||
+ }
|
||||
|
||||
- umask(mask);
|
||||
- chmod(addr->un.sun_path, 0140777);
|
||||
+ // Restore the umask...
|
||||
+ umask(mask);
|
||||
+ }
|
||||
}
|
||||
else
|
||||
#endif /* AF_LOCAL */
|
||||
diff --git a/scheduler/conf.c b/scheduler/conf.c
|
||||
index e44736b..a5ba6cb 100644
|
||||
--- a/scheduler/conf.c
|
||||
+++ b/scheduler/conf.c
|
||||
@@ -3073,6 +3073,25 @@ read_cupsd_conf(cups_file_t *fp) /* I - File to read from */
|
||||
|
||||
cupsd_listener_t *lis; /* New listeners array */
|
||||
|
||||
+ /*
|
||||
+ * If we are launched on-demand, do not use domain sockets from the config
|
||||
+ * file. Also check that the domain socket path is not too long...
|
||||
+ */
|
||||
+
|
||||
+#ifdef HAVE_ONDEMAND
|
||||
+ if (*value == '/' && OnDemand)
|
||||
+ {
|
||||
+ if (strcmp(value, CUPS_DEFAULT_DOMAINSOCKET))
|
||||
+ cupsdLogMessage(CUPSD_LOG_INFO, "Ignoring %s address %s at line %d - only using domain socket from launchd/systemd.", line, value, linenum);
|
||||
+ continue;
|
||||
+ }
|
||||
+#endif // HAVE_ONDEMAND
|
||||
+
|
||||
+ if (*value == '/' && strlen(value) > (sizeof(addr->addr.un.sun_path) - 1))
|
||||
+ {
|
||||
+ cupsdLogMessage(CUPSD_LOG_INFO, "Ignoring %s address %s at line %d - too long.", line, value, linenum);
|
||||
+ continue;
|
||||
+ }
|
||||
|
||||
/*
|
||||
* Get the address list...
|
||||
--
|
||||
2.27.0
|
||||
|
||||
@ -3,7 +3,7 @@
|
||||
Name: cups
|
||||
Epoch: 1
|
||||
Version: 2.4.0
|
||||
Release: 10
|
||||
Release: 11
|
||||
Summary: CUPS is the standards-based, open source printing system for linux operating systems.
|
||||
License: Apache-2.0 WITH LLVM-exception
|
||||
Url: https://openprinting.github.io/cups/
|
||||
@ -31,6 +31,7 @@ Patch6003: backport-CVE-2023-32324.patch
|
||||
Patch6004: fix-httpAddrGetList-test-case-fail.patch
|
||||
Patch6005: backport-CVE-2023-34241.patch
|
||||
Patch6006: backport-CVE-2023-4504.patch
|
||||
Patch6007: backport-Fix-CVE-2024-35235.patch
|
||||
|
||||
BuildRequires: pam-devel pkgconf-pkg-config pkgconfig(gnutls) libacl-devel openldap-devel pkgconfig(libusb-1.0)
|
||||
BuildRequires: krb5-devel pkgconfig(avahi-client) systemd pkgconfig(libsystemd) pkgconfig(dbus-1) python3-cups
|
||||
@ -452,6 +453,9 @@ rm -f %{_exec_prefix}/lib/cups/backend/smb
|
||||
%doc %{_datadir}/%{name}/www/apple-touch-icon.png
|
||||
|
||||
%changelog
|
||||
* Wed Jun 12 2024 baiguo <baiguo@kylinos.cn> - 1:2.4.0-11
|
||||
- fix CVE-2024-35235
|
||||
|
||||
* Fri Sep 22 2023 zhouwenpei <zhouwenpei1@h-partners.com> - 1:2.4.0-10
|
||||
- fix CVE-2023-4504
|
||||
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user