From 161ac53c83c58fcdff904862051125aeb584487e Mon Sep 17 00:00:00 2001 From: zhouwenpei Date: Mon, 26 Jun 2023 06:56:53 +0000 Subject: [PATCH] fix CVE-2023-34241 --- backport-CVE-2023-34241.patch | 63 +++++++++++++++++++++++++++++++++++ cups.spec | 6 +++- 2 files changed, 68 insertions(+), 1 deletion(-) create mode 100644 backport-CVE-2023-34241.patch diff --git a/backport-CVE-2023-34241.patch b/backport-CVE-2023-34241.patch new file mode 100644 index 0000000..0d0618c --- /dev/null +++ b/backport-CVE-2023-34241.patch @@ -0,0 +1,63 @@ +From 450b6ba5f3785d18095a56eb9fbd5bbdaad43d1a Mon Sep 17 00:00:00 2001 +From: Rose <83477269+AtariDreams@users.noreply.github.com> +Date: Thu, 1 Jun 2023 11:33:39 -0400 +Subject: [PATCH] Log result of httpGetHostname BEFORE closing the connection + +httpClose frees the memory of con->http. This is problematic because httpGetHostname then tries to access the memory it points to. + +We have to log the hostname first. +--- + scheduler/client.c | 16 +++++++--------- + 1 file changed, 7 insertions(+), 9 deletions(-) + +diff --git a/scheduler/client.c b/scheduler/client.c +index 236355a..d76e1e0 100644 +--- a/scheduler/client.c ++++ b/scheduler/client.c +@@ -203,13 +203,11 @@ cupsdAcceptClient(cupsd_listener_t *lis)/* I - Listener socket */ + /* + * Can't have an unresolved IP address with double-lookups enabled... + */ +- +- httpClose(con->http); +- + cupsdLogClient(con, CUPSD_LOG_WARN, +- "Name lookup failed - connection from %s closed!", ++ "Name lookup failed - closing connection from %s!", + httpGetHostname(con->http, NULL, 0)); + ++ httpClose(con->http); + free(con); + return; + } +@@ -245,11 +243,11 @@ cupsdAcceptClient(cupsd_listener_t *lis)/* I - Listener socket */ + * with double-lookups enabled... + */ + +- httpClose(con->http); +- + cupsdLogClient(con, CUPSD_LOG_WARN, +- "IP lookup failed - connection from %s closed!", ++ "IP lookup failed - closing connection from %s!", + httpGetHostname(con->http, NULL, 0)); ++ ++ httpClose(con->http); + free(con); + return; + } +@@ -266,11 +264,11 @@ cupsdAcceptClient(cupsd_listener_t *lis)/* I - Listener socket */ + + if (!hosts_access(&wrap_req)) + { +- httpClose(con->http); +- + cupsdLogClient(con, CUPSD_LOG_WARN, + "Connection from %s refused by /etc/hosts.allow and " + "/etc/hosts.deny rules.", httpGetHostname(con->http, NULL, 0)); ++ ++ httpClose(con->http); + free(con); + return; + } +-- +2.33.0 diff --git a/cups.spec b/cups.spec index ee8c1a2..5e712c3 100644 --- a/cups.spec +++ b/cups.spec @@ -1,7 +1,7 @@ Name: cups Epoch: 1 Version: 2.2.13 -Release: 16 +Release: 17 Summary: CUPS is the standards-based, open source printing system for linux operating systems. License: GPLv2+ and LGPLv2+ with exceptions and AML Url: http://www.cups.org/ @@ -40,6 +40,7 @@ Patch6002: backport-CVE-2022-26691.patch Patch6003: CVE-2019-8842.patch Patch6004: backport-CVE-2023-32324.patch Patch6005: fix-httpAddrGetList-test-case-fail.patch +Patch6006: backport-CVE-2023-34241.patch Provides: cupsddk cupsddk-drivers cups-filesystem cups-client cups-ipptool cups-lpd Provides: lpd lpr /usr/bin/lpq /usr/bin/lpr /usr/bin/lp /usr/bin/cancel /usr/bin/lprm /usr/bin/lpstat @@ -334,6 +335,9 @@ rm -f %{_exec_prefix}/lib/cups/backend/smb %doc %{_datadir}/%{name}/www/apple-touch-icon.png %changelog +* Mon Jun 26 2023 zhouwenpei - 1:2.2.13-17 +- fix CVE-2023-34241 + * Fri Jun 9 2023 zhangpan - 1:2.2.13-16 - fix build error -- Gitee