代码拉取完成,页面将自动刷新
From 95576ec3d20c109332d14672a807353cdc551018 Mon Sep 17 00:00:00 2001
From: Zdenek Dohnal <zdohnal@redhat.com>
Date: Thu, 26 Sep 2024 23:09:29 +0200
Subject: [PATCH] cfGetPrinterAttributes5(): Validate response attributes
before return
The destination can be corrupted or forged, so validate the response
to strenghten security measures.
Fixes CVE-2024-47076
---
cupsfilters/ipp.c | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/cupsfilters/ipp.c b/cupsfilters/ipp.c
index d703327..88f66b5 100644
--- a/cupsfilters/ipp.c
+++ b/cupsfilters/ipp.c
@@ -402,6 +402,14 @@ get_printer_attributes5(http_t *http_printer,
total_attrs);
ippDelete(response);
} else {
+
+ // Check if the response is valid
+ if (!ippValidateAttributes(response))
+ {
+ ippDelete(response);
+ response = NULL;
+ }
+
/* Suitable response, we are done */
if (have_http == 0) httpClose(http_printer);
if (uri) free(uri);
--
2.43.0
此处可能存在不合适展示的内容,页面不予展示。您可通过相关编辑功能自查并修改。
如您确认内容无涉及 不当用语 / 纯广告导流 / 暴力 / 低俗色情 / 侵权 / 盗版 / 虚假 / 无价值内容或违法国家有关法律法规的内容,可点击提交进行申诉,我们将尽快为您处理。
马建仓 AI 助手