blob: 8822cf2c6b7ec18327b7d544b99c6adc0544c77c (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
|
$NetBSD: patch-scheduler_client.c,v 1.1.2.2 2014/05/16 14:30:01 tron Exp $
Fix for CVE-2014-2856 from
http://www.cups.org/str.php?L4356
--- scheduler/client.c.orig 2012-03-07 06:05:39.000000000 +0000
+++ scheduler/client.c
@@ -4075,6 +4075,14 @@ is_path_absolute(const char *path) /* I
return (0);
/*
+ * Check for "<" or quotes in the path and reject since this is probably
+ * someone trying to inject HTML...
+ */
+
+ if (strchr(path, '<') != NULL || strchr(path, '\"') != NULL || strchr(path, '\'') != NULL)
+ return (0);
+
+ /*
* Check for "/.." in the path...
*/
|