rpms
/
libppd
20
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

base: rpms:i10c-beta
Branches Tags
rpms:i10cs
rpms:cs10
rpms:i10c-beta
rpms:c10-beta
..
compare: rpms:cs10
Branches Tags
rpms:i10cs
rpms:cs10
rpms:i10c-beta
rpms:c10-beta

No commits in common. 'i10c-beta' and 'cs10' have entirely different histories.
i10c-beta ... cs10

2 changed files with 444 additions and 3 deletions
Show Stats

435
SOURCES/0001-prevent-ppd-generation-based-on-invalid-ipp-response.patch
Unescape View File

@ -0,0 +1,435 @@
diff --git a/ppd/ppd-cache.c b/ppd/ppd-cache.c
index 95fb553..7e4ac41 100644
--- a/ppd/ppd-cache.c
+++ b/ppd/ppd-cache.c
@@ -4711,7 +4711,7 @@ ppdPwgPpdizeName(const char *ipp, // I - IPP keyword
*end; // End of name buffer
- if (!ipp)
+ if (!ipp || !_ppd_isalnum(*ipp))
{
*name = '\0';
return;
@@ -4721,13 +4721,19 @@ ppdPwgPpdizeName(const char *ipp, // I - IPP keyword
for (ptr = name + 1, end = name + namesize - 1; *ipp && ptr < end;)
{
- if (*ipp == '-' && _ppd_isalnum(ipp[1]))
+ if (*ipp == '-' && isalnum(ipp[1]))
{
ipp ++;
*ptr++ = (char)toupper(*ipp++ & 255);
}
- else
+ else if (*ipp == '_' || *ipp == '.' || *ipp == '-' || isalnum(*ipp))
+ {
*ptr++ = *ipp++;
+ }
+ else
+ {
+ ipp ++;
+ }
}
*ptr = '\0';
diff --git a/ppd/ppd-generator.c b/ppd/ppd-generator.c
index 637e7b5..2a2b53b 100644
--- a/ppd/ppd-generator.c
+++ b/ppd/ppd-generator.c
@@ -51,6 +51,7 @@
static int http_connect(http_t **http, const char *url, char *resource,
size_t ressize);
+static void ppd_put_string(cups_file_t *fp, cups_lang_t *lang, const char *ppd_option, const char *ppd_choice, const char *pwg_msgid);
//
@@ -187,6 +188,7 @@ ppdCreatePPDFromIPP2(char *buffer, // I - Filename buffer
size_t status_msg_size) // I - Size of status
// message buffer
{
+ cups_lang_t *lang; // Localization language
cups_file_t *fp; // PPD file
cups_array_t *printer_sizes; // Media sizes we've added
cups_size_t *size; // Current media size
@@ -199,9 +201,10 @@ ppdCreatePPDFromIPP2(char *buffer, // I - Filename buffer
ipp_t *media_col, // Media collection
*media_size; // Media size collection
char make[256], // Make and model
- *model, // Model name
+ *mptr, // Pointer into make and model
ppdname[PPD_MAX_NAME];
// PPD keyword
+ const char *model; // Model name
int i, j, // Looping vars
count = 0, // Number of values
bottom, // Largest bottom margin
@@ -283,6 +286,68 @@ ppdCreatePPDFromIPP2(char *buffer, // I - Filename buffer
return (NULL);
}
+ //
+ // Get a sanitized make and model...
+ //
+
+ if ((attr = ippFindAttribute(supported, "printer-make-and-model", IPP_TAG_TEXT)) != NULL && ippValidateAttribute(attr))
+ {
+ // Sanitize the model name to only contain PPD-safe characters.
+ strlcpy(make, ippGetString(attr, 0, NULL), sizeof(make));
+
+ for (mptr = make; *mptr; mptr ++)
+ {
+ if (*mptr < ' ' || *mptr >= 127 || *mptr == '\"')
+ {
+ // Truncate the make and model on the first bad character...
+ *mptr = '\0';
+ break;
+ }
+ }
+
+ while (mptr > make)
+ {
+ // Strip trailing whitespace...
+ mptr --;
+ if (*mptr == ' ')
+ *mptr = '\0';
+ }
+
+ if (!make[0])
+ {
+ // Use a default make and model if nothing remains...
+ strlcpy(make, "Unknown", sizeof(make));
+ }
+ }
+ else
+ {
+ // Use a default make and model...
+ strlcpy(make, "Unknown", sizeof(make));
+ }
+
+ if (!strncasecmp(make, "Hewlett Packard ", 16) || !strncasecmp(make, "Hewlett-Packard ", 16))
+ {
+ // Normalize HP printer make and model...
+ model = make + 16;
+ strlcpy(make, "HP", sizeof(make));
+
+ if (!strncasecmp(model, "HP ", 3))
+ model += 3;
+ }
+ else if ((mptr = strchr(make, ' ')) != NULL)
+ {
+ // Separate "MAKE MODEL"...
+ while (*mptr && *mptr == ' ')
+ *mptr++ = '\0';
+
+ model = mptr;
+ }
+ else
+ {
+ // No separate model name...
+ model = "Printer";
+ }
+
//
// Standard stuff for PPD file...
//
@@ -311,25 +376,6 @@ ppdCreatePPDFromIPP2(char *buffer, // I - Filename buffer
}
}
- if ((attr = ippFindAttribute(supported, "printer-make-and-model",
- IPP_TAG_TEXT)) != NULL)
- strlcpy(make, ippGetString(attr, 0, NULL), sizeof(make));
- else if (make_model && make_model[0] != '\0')
- strlcpy(make, make_model, sizeof(make));
- else
- strlcpy(make, "Unknown Printer", sizeof(make));
-
- if (!strncasecmp(make, "Hewlett Packard ", 16) ||
- !strncasecmp(make, "Hewlett-Packard ", 16))
- {
- model = make + 16;
- strlcpy(make, "HP", sizeof(make));
- }
- else if ((model = strchr(make, ' ')) != NULL)
- *model++ = '\0';
- else
- model = make;
-
cupsFilePrintf(fp, "*Manufacturer: \"%s\"\n", make);
cupsFilePrintf(fp, "*ModelName: \"%s %s\"\n", make, model);
cupsFilePrintf(fp, "*Product: \"(%s %s)\"\n", make, model);
@@ -425,21 +471,19 @@ ppdCreatePPDFromIPP2(char *buffer, // I - Filename buffer
}
cupsFilePuts(fp, "\"\n");
- if ((attr = ippFindAttribute(supported, "printer-more-info", IPP_TAG_URI)) !=
- NULL)
+ if ((attr = ippFindAttribute(supported, "printer-more-info", IPP_TAG_URI)) != NULL && ippValidateAttribute(attr))
cupsFilePrintf(fp, "*APSupplies: \"%s\"\n", ippGetString(attr, 0, NULL));
- if ((attr = ippFindAttribute(supported, "printer-charge-info-uri",
- IPP_TAG_URI)) != NULL)
- cupsFilePrintf(fp, "*cupsChargeInfoURI: \"%s\"\n", ippGetString(attr, 0,
- NULL));
+ if ((attr = ippFindAttribute(supported, "printer-charge-info-uri", IPP_TAG_URI)) != NULL && ippValidateAttribute(attr))
+ cupsFilePrintf(fp, "*cupsChargeInfoURI: \"%s\"\n", ippGetString(attr, 0, NULL));
// Message catalogs for UI strings
+ lang = cupsLangDefault();
opt_strings_catalog = cfCatalogOptionArrayNew();
cfCatalogLoad(NULL, NULL, opt_strings_catalog);
if ((attr = ippFindAttribute(supported, "printer-strings-uri",
- IPP_TAG_URI)) != NULL)
+ IPP_TAG_URI)) != NULL && ippValidateAttribute(attr))
{
printer_opt_strings_catalog = cfCatalogOptionArrayNew();
cfCatalogLoad(ippGetString(attr, 0, NULL), NULL,
@@ -492,7 +536,7 @@ ppdCreatePPDFromIPP2(char *buffer, // I - Filename buffer
response = cupsDoRequest(http, request, resource);
if ((attr = ippFindAttribute(response, "printer-strings-uri",
- IPP_TAG_URI)) != NULL)
+ IPP_TAG_URI)) != NULL && ippValidateAttribute(attr))
cupsFilePrintf(fp, "*cupsStringsURI %s: \"%s\"\n", keyword,
ippGetString(attr, 0, NULL));
@@ -518,13 +562,10 @@ ppdCreatePPDFromIPP2(char *buffer, // I - Filename buffer
IPP_TAG_BOOLEAN), 0))
cupsFilePuts(fp, "*cupsJobAccountingUserId: True\n");
- if ((attr = ippFindAttribute(supported, "printer-privacy-policy-uri",
- IPP_TAG_URI)) != NULL)
- cupsFilePrintf(fp, "*cupsPrivacyURI: \"%s\"\n",
- ippGetString(attr, 0, NULL));
+ if ((attr = ippFindAttribute(supported, "printer-privacy-policy-uri", IPP_TAG_URI)) != NULL && ippValidateAttribute(attr))
+ cupsFilePrintf(fp, "*cupsPrivacyURI: \"%s\"\n", ippGetString(attr, 0, NULL));
- if ((attr = ippFindAttribute(supported, "printer-mandatory-job-attributes",
- IPP_TAG_KEYWORD)) != NULL)
+ if ((attr = ippFindAttribute(supported, "printer-mandatory-job-attributes", IPP_TAG_KEYWORD)) != NULL && ippValidateAttribute(attr))
{
char prefix = '\"'; // Prefix for string
@@ -544,8 +585,7 @@ ppdCreatePPDFromIPP2(char *buffer, // I - Filename buffer
cupsFilePuts(fp, "\"\n");
}
- if ((attr = ippFindAttribute(supported, "printer-requested-job-attributes",
- IPP_TAG_KEYWORD)) != NULL)
+ if ((attr = ippFindAttribute(supported, "printer-requested-job-attributes", IPP_TAG_KEYWORD)) != NULL && ippValidateAttribute(attr))
{
char prefix = '\"'; // Prefix for string
@@ -1401,15 +1441,15 @@ ppdCreatePPDFromIPP2(char *buffer, // I - Filename buffer
if (!strcmp(sources[j], keyword))
break;
if (j >= 0)
- cupsFilePrintf(fp, "*InputSlot %s%s%s: \"<</MediaPosition %d>>setpagedevice\"\n",
- ppdname,
- (human_readable ? "/" : ""),
- (human_readable ? human_readable : ""), j);
+ {
+ cupsFilePrintf(fp, "*InputSlot %s: \"<</MediaPosition %d>>setpagedevice\"\n", ppdname, j);
+ ppd_put_string(fp, lang, "InputSlot", ppdname, human_readable);
+ }
else
- cupsFilePrintf(fp, "*InputSlot %s%s%s: \"\"\n",
- ppdname,
- (human_readable ? "/" : ""),
- (human_readable ? human_readable : ""));
+ {
+ cupsFilePrintf(fp, "*InputSlot %s%s%s:\"\"\n", ppdname, human_readable ? "/" : "", human_readable ? human_readable : "");
+ ppd_put_string(fp, lang, "InputSlot", ppdname, human_readable);
+ }
}
cupsFilePuts(fp, "*CloseUI: *InputSlot\n");
}
@@ -1444,11 +1484,8 @@ ppdCreatePPDFromIPP2(char *buffer, // I - Filename buffer
human_readable = cfCatalogLookUpChoice((char *)keyword, "media-type",
opt_strings_catalog,
printer_opt_strings_catalog);
- cupsFilePrintf(fp, "*MediaType %s%s%s: \"<</MediaType(%s)>>setpagedevice\"\n",
- ppdname,
- (human_readable ? "/" : ""),
- (human_readable ? human_readable : ""),
- ppdname);
+ cupsFilePrintf(fp, "*MediaType %s: \"<</MediaType(%s)>>setpagedevice\"\n", ppdname, ppdname);
+ ppd_put_string(fp, lang, "MediaType", ppdname, human_readable);
}
cupsFilePuts(fp, "*CloseUI: *MediaType\n");
}
@@ -1771,10 +1808,8 @@ ppdCreatePPDFromIPP2(char *buffer, // I - Filename buffer
human_readable = cfCatalogLookUpChoice((char *)keyword, "output-bin",
opt_strings_catalog,
printer_opt_strings_catalog);
- cupsFilePrintf(fp, "*OutputBin %s%s%s: \"\"\n",
- ppdname,
- (human_readable ? "/" : ""),
- (human_readable ? human_readable : ""));
+ cupsFilePrintf(fp, "*OutputBin %s: \"\"\n", ppdname);
+ ppd_put_string(fp, lang, "OutputBin", ppdname, human_readable);
outputorderinfofound = 0;
faceupdown = 1;
firsttolast = 1;
@@ -1953,9 +1988,8 @@ ppdCreatePPDFromIPP2(char *buffer, // I - Filename buffer
human_readable = cfCatalogLookUpChoice(buf, "finishings",
opt_strings_catalog,
printer_opt_strings_catalog);
- cupsFilePrintf(fp, "*StapleLocation %s%s%s: \"\"\n", ppd_keyword,
- (human_readable ? "/" : ""),
- (human_readable ? human_readable : ""));
+ cupsFilePrintf(fp, "*StapleLocation %s: \"\"\n", ppd_keyword);
+ ppd_put_string(fp, lang, "StapleLocation", ppd_keyword, human_readable);
cupsFilePrintf(fp, "*cupsIPPFinishings %d/%s: \"*StapleLocation %s\"\n",
value, keyword, ppd_keyword);
}
@@ -2045,9 +2079,8 @@ ppdCreatePPDFromIPP2(char *buffer, // I - Filename buffer
human_readable = cfCatalogLookUpChoice(buf, "finishings",
opt_strings_catalog,
printer_opt_strings_catalog);
- cupsFilePrintf(fp, "*FoldType %s%s%s: \"\"\n", ppd_keyword,
- (human_readable ? "/" : ""),
- (human_readable ? human_readable : ""));
+ cupsFilePrintf(fp, "*FoldType %s: \"\"\n", ppd_keyword);
+ ppd_put_string(fp, lang, "FoldType", ppd_keyword, human_readable);
cupsFilePrintf(fp, "*cupsIPPFinishings %d/%s: \"*FoldType %s\"\n",
value, keyword, ppd_keyword);
}
@@ -2144,9 +2177,8 @@ ppdCreatePPDFromIPP2(char *buffer, // I - Filename buffer
human_readable = cfCatalogLookUpChoice(buf, "finishings",
opt_strings_catalog,
printer_opt_strings_catalog);
- cupsFilePrintf(fp, "*PunchMedia %s%s%s: \"\"\n", ppd_keyword,
- (human_readable ? "/" : ""),
- (human_readable ? human_readable : ""));
+ cupsFilePrintf(fp, "*PunchMedia %s: \"\"\n", ppd_keyword);
+ ppd_put_string(fp, lang, "PunchMedia", ppd_keyword, human_readable);
cupsFilePrintf(fp, "*cupsIPPFinishings %d/%s: \"*PunchMedia %s\"\n",
value, keyword, ppd_keyword);
}
@@ -2237,9 +2269,8 @@ ppdCreatePPDFromIPP2(char *buffer, // I - Filename buffer
human_readable = cfCatalogLookUpChoice(buf, "finishings",
opt_strings_catalog,
printer_opt_strings_catalog);
- cupsFilePrintf(fp, "*CutMedia %s%s%s: \"\"\n", ppd_keyword,
- (human_readable ? "/" : ""),
- (human_readable ? human_readable : ""));
+ cupsFilePrintf(fp, "*CutMedia %s: \"\"\n", ppd_keyword);
+ ppd_put_string(fp, lang, "CutMedia", ppd_keyword, human_readable);
cupsFilePrintf(fp, "*cupsIPPFinishings %d/%s: \"*CutMedia %s\"\n",
value, keyword, ppd_keyword);
}
@@ -2263,7 +2294,7 @@ ppdCreatePPDFromIPP2(char *buffer, // I - Filename buffer
cupsFilePrintf(fp, "*OpenUI *cupsFinishingTemplate/%s: PickOne\n",
(human_readable ? human_readable : "Finishing Template"));
cupsFilePuts(fp, "*OrderDependency: 10 AnySetup *cupsFinishingTemplate\n");
- cupsFilePuts(fp, "*DefaultcupsFinishingTemplate: none\n");
+ cupsFilePuts(fp, "*DefaultcupsFinishingTemplate: None\n");
human_readable = cfCatalogLookUpChoice("3", "finishings",
opt_strings_catalog,
printer_opt_strings_catalog);
@@ -2294,8 +2325,9 @@ ppdCreatePPDFromIPP2(char *buffer, // I - Filename buffer
printer_opt_strings_catalog);
if (human_readable == NULL)
human_readable = (char *)keyword;
- cupsFilePrintf(fp, "*cupsFinishingTemplate %s/%s: \"\n", keyword,
- human_readable);
+ ppdPwgPpdizeName(keyword, ppdname, sizeof(ppdname));
+ cupsFilePrintf(fp, "*cupsFinishingTemplate %s: \"\n", ppdname);
+ ppd_put_string(fp, lang, "cupsFinishingTemplate", ppdname, human_readable);
for (finishing_attr = ippFirstAttribute(finishing_col); finishing_attr;
finishing_attr = ippNextAttribute(finishing_col)) {
if (ippGetValueTag(finishing_attr) == IPP_TAG_BEGIN_COLLECTION) {
@@ -2559,14 +2591,14 @@ ppdCreatePPDFromIPP2(char *buffer, // I - Filename buffer
if (!preset || !preset_name)
continue;
- if ((localized_name =
+ ppdPwgPpdizeName(preset_name, ppdname, sizeof(ppdname));
+
+ localized_name =
cfCatalogLookUpOption((char *)preset_name,
opt_strings_catalog,
- printer_opt_strings_catalog)) == NULL)
- cupsFilePrintf(fp, "*APPrinterPreset %s: \"\n", preset_name);
- else
- cupsFilePrintf(fp, "*APPrinterPreset %s/%s: \"\n", preset_name,
- localized_name);
+ printer_opt_strings_catalog);
+ cupsFilePrintf(fp, "*APPrinterPreset %s: \"\n", ppdname);
+ ppd_put_string(fp, lang, "APPrinterPreset", ppdname, localized_name);
for (member = ippFirstAttribute(preset); member;
member = ippNextAttribute(preset))
@@ -2615,7 +2647,10 @@ ppdCreatePPDFromIPP2(char *buffer, // I - Filename buffer
ippGetString(ippFindAttribute(fin_col,
"finishing-template",
IPP_TAG_ZERO), 0, NULL)) != NULL)
- cupsFilePrintf(fp, "*cupsFinishingTemplate %s\n", keyword);
+ {
+ ppdPwgPpdizeName(keyword, ppdname, sizeof(ppdname));
+ cupsFilePrintf(fp, "*cupsFinishingTemplate %s\n", ppdname);
+ }
}
}
else if (!strcmp(member_name, "media"))
@@ -2654,7 +2689,7 @@ ppdCreatePPDFromIPP2(char *buffer, // I - Filename buffer
NULL)) != NULL)
{
ppdPwgPpdizeName(keyword, ppdname, sizeof(ppdname));
- cupsFilePrintf(fp, "*InputSlot %s\n", keyword);
+ cupsFilePrintf(fp, "*InputSlot %s\n", ppdname);
}
if ((keyword = ippGetString(ippFindAttribute(media_col, "media-type",
@@ -2662,7 +2697,7 @@ ppdCreatePPDFromIPP2(char *buffer, // I - Filename buffer
NULL)) != NULL)
{
ppdPwgPpdizeName(keyword, ppdname, sizeof(ppdname));
- cupsFilePrintf(fp, "*MediaType %s\n", keyword);
+ cupsFilePrintf(fp, "*MediaType %s\n", ppdname);
}
}
else if (!strcmp(member_name, "print-quality"))
@@ -2812,3 +2847,38 @@ http_connect(http_t **http, // IO - Current HTTP connection
return (*http != NULL);
}
+
+
+/*
+ * 'ppd_put_strings()' - Write localization attributes to a PPD file.
+ */
+
+static void
+ppd_put_string(cups_file_t *fp, /* I - PPD file */
+ cups_lang_t *lang, /* I - Language */
+ const char *ppd_option,/* I - PPD option */
+ const char *ppd_choice,/* I - PPD choice */
+ const char *text) /* I - Localized text */
+{
+ if (!text)
+ return;
+
+ // Add the first line of localized text...
+#if CUPS_VERSION_MAJOR > 2
+ cupsFilePrintf(fp, "*%s.%s %s/", cupsLangGetName(lang), ppd_option, ppd_choice);
+#else
+ cupsFilePrintf(fp, "*%s.%s %s/", lang->language, ppd_option, ppd_choice);
+#endif // CUPS_VERSION_MAJOR > 2
+
+ while (*text && *text != '\n')
+ {
+ // Escape ":" and "<"...
+ if (*text == ':' || *text == '<')
+ cupsFilePrintf(fp, "<%02X>", *text);
+ else
+ cupsFilePutChar(fp, *text);
+
+ text ++;
+ }
+ cupsFilePuts(fp, ": \"\"\n");
+}

12
SPECS/libppd.spec
Unescape View File

@ -6,7 +6,7 @@
Name: libppd Name: libppd
Epoch: 1 Epoch: 1
Version: 2.0.0 Version: 2.0.0
Release: 6%{?dist} Release: 9%{?dist}
Summary: Library for retro-fitting legacy printer drivers Summary: Library for retro-fitting legacy printer drivers
# the CUPS exception text is the same as LLVM exception, so using that name with # the CUPS exception text is the same as LLVM exception, so using that name with
@ -26,6 +26,8 @@ Patch001: libppd-check-required-attrs.patch
# https://github.com/OpenPrinting/libppd/commit/d53abd9 # https://github.com/OpenPrinting/libppd/commit/d53abd9
# https://github.com/OpenPrinting/libppd/commit/c9f3e8fc0 # https://github.com/OpenPrinting/libppd/commit/c9f3e8fc0
Patch002: libppd-fix-delta-for-sizes.patch Patch002: libppd-fix-delta-for-sizes.patch
# RHEL-60335 CVE-2024-47175 libppd: remote command injection via attacker controlled data in PPD file
Patch003: 0001-prevent-ppd-generation-based-on-invalid-ipp-response.patch
# for autogen.sh # for autogen.sh
@ -198,8 +200,12 @@ rm -rf %{buildroot}%{_datadir}/ppdc
%endif %endif
%changelog %changelog
* Tue Nov 26 2024 MSVSphere Packaging Team <packager@msvsphere-os.ru> - 1:2.0.0-6 * Thu Nov 21 2024 Zdenek Dohnal <zdohnal@redhat.com> - 1:2.0.0-9
- Rebuilt for MSVSphere 10 - RHEL-60335 CVE-2024-47175 libppd: remote command injection via attacker controlled data in PPD file
* Tue Oct 29 2024 Troy Dawson <tdawson@redhat.com> - 1:2.0.0-7
- Bump release for October 2024 mass rebuild:
Resolves: RHEL-64018
* Tue Aug 06 2024 Zdenek Dohnal <zdohnal@redhat.com> - 1:2.0.0-6 * Tue Aug 06 2024 Zdenek Dohnal <zdohnal@redhat.com> - 1:2.0.0-6
- RHEL-52980 fix deciding page sizes by changing delta for difference - RHEL-52980 fix deciding page sizes by changing delta for difference

Write Preview
Loading…
Cancel
Save