CUPS passes illegal chartacters from PPD file to IPP attributes #1118
Comments
|
PPD file of the KONICA MINOLTA C658 PostScript: |
|
Can you assign this issue to me? I'm willing to work on it |
|
I'm taking up the issue and will begin my work soon. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Original report to Ubuntu:
https://bugs.launchpad.net/ubuntu/+source/cups/+bug/2089231
The user has several printers on CUPS servers. One of the printers disappeared when IPP attributes from the response to a get-printer-attributes IPP request got checked for illegal characters to prevent the recently reported RCE vulnerability in cups-browsed.
The printer in questions is the KONICA MINOLTA C658 PostScript printer. Its PPD file (attached) contains parentheses in the machine-readable/command line names of media types:
Probably this is already not correct for PPD files (but
cupstestppddoes not complain about it), but when CUPS generates the printer IPP attributes to answer a client's get-printer-attributes IPP request it should remove the parentheses (usethick-1-2ndfor example), as otherwise a client with all the recent security updates would reject the printer due to the illegal characters in the IPP attributes.To solve this problem, not only parentheses should be filtered but also any other illegal characters. AFAIK only letters, numbers and hyphens are allowed (and letters have to be converted to lowercase).
The text was updated successfully, but these errors were encountered: