mirror of
https://gitee.com/openharmony/third_party_cups
synced 2024-11-23 09:59:45 +00:00
45 lines
1.2 KiB
Diff
45 lines
1.2 KiB
Diff
From 2431caddb7e6a87f04ac90b5c6366ad268b6ff31 Mon Sep 17 00:00:00 2001
|
|
From: Zdenek Dohnal <zdohnal@redhat.com>
|
|
Date: Wed, 20 Sep 2023 14:45:17 +0200
|
|
Subject: [PATCH] raster-interpret.c: Fix CVE-2023-4504
|
|
|
|
We didn't check for end of buffer if it looks there is an escaped
|
|
character - check for NULL terminator there and if found, return NULL
|
|
as return value and in `ptr`, because a lone backslash is not
|
|
a valid PostScript character.
|
|
|
|
Reference:https://github.com/OpenPrinting/cups/commit/2431caddb7e6a87f04ac90b5c6366ad268b6ff31
|
|
Conflict:Patch context adaptation
|
|
|
|
---
|
|
cups/raster-interpret.c | 14 +++++++++++++-
|
|
1 files changed, 14 insertions(+)
|
|
|
|
diff --git a/cups/raster-interpret.c b/cups/raster-interpret.c
|
|
index 6fcf731b5..b8655c8c6 100644
|
|
--- a/cups/raster-interpret.c
|
|
+++ b/cups/raster-interpret.c
|
|
@@ -1116,7 +1116,19 @@ scan_ps(_cups_ps_stack_t *st, /* I - Stack */
|
|
|
|
cur ++;
|
|
|
|
- if (*cur == 'b')
|
|
+ /*
|
|
+ * Return NULL if we reached NULL terminator, a lone backslash
|
|
+ * is not a valid character in PostScript.
|
|
+ */
|
|
+
|
|
+ if (!*cur)
|
|
+ {
|
|
+ *ptr = NULL;
|
|
+
|
|
+ return (NULL);
|
|
+ }
|
|
+
|
|
+ if (*cur == 'b')
|
|
*valptr++ = '\b';
|
|
else if (*cur == 'f')
|
|
*valptr++ = '\f';
|
|
|
|
|