From 96b3bdf010e78880f5764e5032720379aa1116df Mon Sep 17 00:00:00 2001 From: Michael R Sweet Date: Sat, 7 Sep 2024 19:41:58 -0400 Subject: [PATCH] Validate URIs and attribute names before putting them in the generated PPD. --- cups/ppd-cache.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/cups/ppd-cache.c b/cups/ppd-cache.c index 481963483..f219a2c08 100644 --- a/cups/ppd-cache.c +++ b/cups/ppd-cache.c @@ -3340,10 +3340,10 @@ _ppdCreateFromIPP(char *buffer, /* I - Filename buffer */ base_lang = cupsLangGet("en"); - if ((attr = ippFindAttribute(supported, "printer-more-info", IPP_TAG_URI)) != NULL) + if ((attr = ippFindAttribute(supported, "printer-more-info", IPP_TAG_URI)) != NULL && ippValidateAttribute(attr)) cupsFilePrintf(fp, "*APSupplies: \"%s\"\n", ippGetString(attr, 0, NULL)); - if ((attr = ippFindAttribute(supported, "printer-charge-info-uri", IPP_TAG_URI)) != NULL) + if ((attr = ippFindAttribute(supported, "printer-charge-info-uri", IPP_TAG_URI)) != NULL && ippValidateAttribute(attr)) cupsFilePrintf(fp, "*cupsChargeInfoURI: \"%s\"\n", ippGetString(attr, 0, NULL)); /* @@ -3356,10 +3356,10 @@ _ppdCreateFromIPP(char *buffer, /* I - Filename buffer */ if (ippGetBoolean(ippFindAttribute(supported, "job-accounting-user-id-supported", IPP_TAG_BOOLEAN), 0)) cupsFilePuts(fp, "*cupsJobAccountingUserId: True\n"); - if ((attr = ippFindAttribute(supported, "printer-privacy-policy-uri", IPP_TAG_URI)) != NULL) + if ((attr = ippFindAttribute(supported, "printer-privacy-policy-uri", IPP_TAG_URI)) != NULL && ippValidateAttribute(attr)) cupsFilePrintf(fp, "*cupsPrivacyURI: \"%s\"\n", ippGetString(attr, 0, NULL)); - if ((attr = ippFindAttribute(supported, "printer-mandatory-job-attributes", IPP_TAG_KEYWORD)) != NULL) + if ((attr = ippFindAttribute(supported, "printer-mandatory-job-attributes", IPP_TAG_KEYWORD)) != NULL && ippValidateAttribute(attr)) { for (i = 0, count = ippGetCount(attr), prefix = "*cupsMandatory: \""; i < count; i ++) { @@ -3376,7 +3376,7 @@ _ppdCreateFromIPP(char *buffer, /* I - Filename buffer */ cupsFilePuts(fp, "\"\n"); } - if ((attr = ippFindAttribute(supported, "printer-requested-job-attributes", IPP_TAG_KEYWORD)) != NULL) + if ((attr = ippFindAttribute(supported, "printer-requested-job-attributes", IPP_TAG_KEYWORD)) != NULL && ippValidateAttribute(attr)) { for (i = 0, count = ippGetCount(attr), prefix = "*cupsRequested: \""; i < count; i ++) {