
Issue 633384


Issue metadata

Status: Verified
Owner:
Closed: Sep 2016
Components:
EstimatedDays: ----
NextAction: ----
OS: Chrome
Pri: 1
Type: Bug




Ensure cups doesn't allow filters with ., /, or .. in name, and filters always come from certain dir

Project Member Reported by adlr@chromium.org, Aug 1 2016

Issue description

I think this is already the case, but need to check.
 

Comment 1 by adlr@chromium.org, Aug 25 2016

Not already the case! CL is up for review, tho

Comment 2 by bugdroid1@chromium.org, Sep 2 2016

The following revision refers to this bug:
  https://chromium.googlesource.com/chromiumos/overlays/chromiumos-overlay/+/f3641b4bd60be7aac743338faee74f14817ddefd

commit f3641b4bd60be7aac743338faee74f14817ddefd
Author: Andrew de los Reyes <adlr@chromium.org>
Date: Thu Aug 25 18:46:53 2016

net-print/cups: Patch to be strict on filter names in PPDs

We require that all filters specified in PPDs are just the program name,
and do not contain any relative or absolute path info.

BUG= chromium:633384 
TEST=Manually ran cupstestppd on device with dummy PPD. Made sure it
could pass with a valid filter, but when using path info (adding . or /
to filter), it would fail. Tested with both cupsFilter and cupsFilter2.

Change-Id: I891e6ed9cba6d262d6db68b0603069bc52779919
Reviewed-on: https://chromium-review.googlesource.com/376021
Commit-Ready: Andrew de los Reyes <adlr@chromium.org>
Tested-by: Andrew de los Reyes <adlr@chromium.org>
Reviewed-by: Mike Frysinger <vapier@chromium.org>

[rename] https://crrev.com/f3641b4bd60be7aac743338faee74f14817ddefd/net-print/cups/cups-2.1.4-r5.ebuild
[modify] https://crrev.com/f3641b4bd60be7aac743338faee74f14817ddefd/net-print/cups/cups-2.1.4.ebuild
[add] https://crrev.com/f3641b4bd60be7aac743338faee74f14817ddefd/net-print/cups/files/cups-2.1.4-strict-filters.patch

Comment 3 by adlr@chromium.org, Sep 6 2016

Status: Verified (was: Started)

Comment 4 by bugdroid1@chromium.org, Jul 23

The following revision refers to this bug:
  https://chromium.googlesource.com/chromiumos/third_party/cups/+/63217cae77c2c30c4fea3325093f505d0dfe0a93

commit 63217cae77c2c30c4fea3325093f505d0dfe0a93
Author: David Valleau <valleau@chromium.org>
Date: Mon Jul 23 21:13:48 2018

Applying cups-2.1.4-strict-filters.patch

Makes cupstestppd extra strict, preventing filters from having '/' or
'.' in the name. This is to ensure that filters don't use an absolute
path or even relative path with '..' in it. Yes, it's extra strict,
b/c a filter name like 'myfilter.foo' would be stopped by this script,
but doesn't pose a problem. That said, we don't see that in practice.

From: Andrew de los Reyes <adlr@chromium.org>
Bug: https://bugs.chromium.org/p/chromium/issues/detail?id=633384

BUG= chromium:865217 
TEST=None

Change-Id: Ieabf6e1548c46356e4ec5f66669e31f1dbf99ddf

[modify] https://crrev.com/63217cae77c2c30c4fea3325093f505d0dfe0a93/systemv/cupstestppd.c
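
The rule described in the two commit messages above, sketched as an added example; this is not the contents of cups-2.1.4-strict-filters.patch, which this page does not show. It assumes the standard PPD layouts `*cupsFilter: "type cost program"` and `*cupsFilter2: "src-type dst-type cost program"`, and the function names and sample values are hypothetical. Only the program field is checked, because the MIME type fields legitimately contain '/' and '.'.

```c
#include <stdio.h>
#include <string.h>

/* 1 if the program field is a bare name: non-empty, no '/' and no '.'. */
static int filter_name_ok(const char *prog)
{
    return *prog != '\0' && strpbrk(prog, "/.") == NULL;
}

/*
 * Check the quoted value of a cupsFilter or cupsFilter2 attribute.
 * Returns 1 = accepted, 0 = rejected (path info in name), -1 = malformed.
 */
int check_filter_value(const char *value, int is_filter2)
{
    const char *p = value;
    int skip = is_filter2 ? 3 : 2;      /* fields before the program */

    while (skip-- > 0) {
        p += strspn(p, " \t");          /* whitespace before the field */
        if (*p == '\0')
            return -1;                  /* ran out of fields */
        p += strcspn(p, " \t");         /* the field itself */
    }
    p += strspn(p, " \t");
    if (*p == '\0')
        return -1;                      /* no program field at all */
    return filter_name_ok(p);           /* rest of the value is the program */
}

int main(void)
{
    /* Constructed sample values, not taken from any real PPD. */
    static const char *samples[] = {
        "application/vnd.cups-raster 0 rastertofoo",
        "application/vnd.cups-raster 0 /opt/vendor/rastertofoo",
        "application/vnd.cups-raster 0 ../rastertofoo",
        "application/vnd.cups-raster 0 myfilter.foo",
    };
    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++)
        printf("%-55s -> %d\n", samples[i], check_filter_value(samples[i], 0));
    return 0;
}
```

The last sample is the extra-strict case the second commit message mentions: a harmless name such as 'myfilter.foo' is rejected along with real path components.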
