!77 fix CVE-2022-26691

From: @shirely16 Reviewed-by: @t_feng Signed-off-by: @t_feng
2022-06-10 09:47:19 +00:00 · 2022-06-10 09:47:19 +00:00 · f1bb1583f8
commit f1bb1583f8
parent ac493a7665 1b8c360e15
2 changed files with 39 additions and 1 deletions
--- a/backport-CVE-2022-26691.patch
+++ b/backport-CVE-2022-26691.patch
@ -0,0 +1,34 @@
+From de4f8c196106033e4c372dce3e91b9d42b0b9444 Mon Sep 17 00:00:00 2001
+From: Zdenek Dohnal <zdohnal@redhat.com>
+Date: Thu, 26 May 2022 06:27:04 +0200
+Subject: [PATCH] scheduler/cert.c: Fix string comparison (fixes
+ CVE-2022-26691)
+
+The previous algorithm didn't expect the strings can have a different
+length, so one string can be a substring of the other and such substring
+was reported as equal to the longer string.
+
+Reference:https://github.com/OpenPrinting/cups/commit/de4f8c196106033e4c372dce3e91b9d42b0b9444
+
+---
+ scheduler/cert.c | 9 ++++++++-
+ 1 files changed, 8 insertions(+), 1 deletion(-)
+
+diff --git a/scheduler/cert.c b/scheduler/cert.c
+index b268bf1b2..9b65b96c9 100644
+--- a/scheduler/cert.c
+++ b/scheduler/cert.c
+@@ -444,5 +444,12 @@ ctcompare(const char *a,		/* I - First string */
+     b ++;
+   }
+ 
+-  return (result);
+ /*
+  * The while loop finishes when *a == '\0' or *b == '\0'
+  * so after the while loop either both *a and *b == '\0',
+  * or one points inside a string, so when we apply logical OR on *a,
+  * *b and result, we get a non-zero return value if the compared strings don't match.
+  */
+
+  return (result | *a | *b);
+ }
--- a/cups.spec
+++ b/cups.spec
@ -1,7 +1,7 @@
 Name:    cups
 Epoch:   1
 Version: 2.2.13
-Release: 11
+Release: 12
 Summary: CUPS is the standards-based, open source printing system for linux operating systems.
 License: GPLv2+ and LGPLv2+ with exceptions and AML
 Url:     http://www.cups.org/
@ -35,6 +35,7 @@ Patch21: custom-option-keywords-did-not.patch
 Patch22: CVE-2020-3898.patch
 Patch6000: backport-CVE-2020-10001.patch
 Patch6001: backport-to-make-sure-service-start-in-the-right-order.patch
+Patch6002: backport-CVE-2022-26691.patch

 Provides: cupsddk cupsddk-drivers cups-filesystem cups-client cups-ipptool cups-lpd
 Provides: lpd lpr /usr/bin/lpq /usr/bin/lpr /usr/bin/lp /usr/bin/cancel /usr/bin/lprm /usr/bin/lpstat
@ -326,6 +327,9 @@ rm -f %{_exec_prefix}/lib/cups/backend/smb
 %doc %{_datadir}/%{name}/www/apple-touch-icon.png

 %changelog
+* Thu Jun 9 2022 hanhui <hanhui15@h-partners.com> 2.2.13-12
+- fix CVE-2022-26691
+
 * Mon Nov 29 2021 hanhui <hanhui15@huawei.com> 2.2.13-11
 - DESC:fix cups-devel requires error