From 95576ec3d20c109332d14672a807353cdc551018 Mon Sep 17 00:00:00 2001
From: Zdenek Dohnal <zdohnal@redhat.com>
Date: Thu, 26 Sep 2024 23:09:29 +0200
Subject: [PATCH] cfGetPrinterAttributes5(): Validate response attributes
 before return

The destination can be corrupted or forged, so validate the response
to strenghten security measures.

Fixes CVE-2024-47076
---
 cupsfilters/ipp.c | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/cupsfilters/ipp.c b/cupsfilters/ipp.c
index c61069f..bb288f6 100644
--- a/cupsfilters/ipp.c
+++ b/cupsfilters/ipp.c
@@ -249,6 +249,14 @@ get_printer_attributes(const char* raw_uri,
 		     total_attrs);
 	ippDelete(response);
       } else {
+
+	// Check if the response is valid
+	if (!ippValidateAttributes(response))
+	{
+	  ippDelete(response);
+	  response = NULL;
+	}
+
 	/* Suitable response, we are done */
 	httpClose(http_printer);
 	return response;
-- 
2.43.0