Fix heap buffer overflow in ipp.c am: b58481780c am: 3ec6f0bd9b am: bae9491cf3
am: 22ae626957
Change-Id: I5ef3f90127dd7be6a2f98ef9eaa71b72b48e23da
diff --git a/METADATA b/METADATA
new file mode 100644
index 0000000..80b0191
--- /dev/null
+++ b/METADATA
@@ -0,0 +1,18 @@
+name: "libcups"
+description: "CUPS is the standards-based, open source printing system."
+third_party {
+ url {
+ type: HOMEPAGE
+ value: "https://www.cups.org/"
+ }
+ url {
+ type: ARCHIVE
+ value: "https://github.com/apple/cups/releases/download/v2.2.6/cups-2.2.6-source.tar.gz"
+ }
+ version: "v2.2.6"
+ last_upgrade_date {
+ year: 2018
+ month: 3
+ day: 16
+ }
+}
diff --git a/OWNERS b/OWNERS
new file mode 100644
index 0000000..930fb06
--- /dev/null
+++ b/OWNERS
@@ -0,0 +1,4 @@
+# Default code reviewers picked from top 3 or more developers.
+# Please update this list if you find better candidates.
+moltmann@google.com
+# used by packages/services/BuiltInPrintService
diff --git a/cups/tls-boringssl.c b/cups/tls-boringssl.c
index a8b7de5..d860646 100644
--- a/cups/tls-boringssl.c
+++ b/cups/tls-boringssl.c
@@ -418,6 +418,35 @@
return (-1);
}
+ _cups_globals_t *cg = _cupsGlobals();
+ if (cg->server_cert_cb)
+ {
+ int error = 0;
+ X509 *peer_certificate = SSL_get_peer_certificate(http->tls);
+ if (peer_certificate)
+ {
+ ASN1_BIT_STRING *key = X509_get0_pubkey_bitstr(peer_certificate);
+ cups_array_t *credentials = cupsArrayNew(NULL, NULL);
+
+ if (credentials != NULL)
+ {
+ httpAddCredential(credentials, key->data, key->length);
+ error = cg->server_cert_cb(http, http->tls, credentials, cg->server_cert_data);
+ httpFreeCredentials(credentials);
+ }
+ X509_free(peer_certificate);
+ }
+
+ if (error != 0)
+ {
+ http->error = errno = EINVAL;
+ http->status = HTTP_STATUS_ERROR;
+ _cupsSetError(IPP_STATUS_ERROR_INTERNAL, _("Client rejected the server certificate."), 1);
+ }
+
+ return (error);
+ }
+
return (0);
}
