1From de4f8c196106033e4c372dce3e91b9d42b0b9444 Mon Sep 17 00:00:00 2001 2From: Zdenek Dohnal <zdohnal@redhat.com> 3Date: Thu, 26 May 2022 06:27:04 +0200 4Subject: [PATCH] scheduler/cert.c: Fix string comparison (fixes 5 CVE-2022-26691) 6 7The previous algorithm didn't expect the strings can have a different 8length, so one string can be a substring of the other and such substring 9was reported as equal to the longer string. 10 11Reference:https://github.com/OpenPrinting/cups/commit/de4f8c196106033e4c372dce3e91b9d42b0b9444 12 13--- 14 scheduler/cert.c | 9 ++++++++- 15 1 files changed, 8 insertions(+), 1 deletion(-) 16 17diff --git a/scheduler/cert.c b/scheduler/cert.c 18index b268bf1b2..9b65b96c9 100644 19--- a/scheduler/cert.c 20+++ b/scheduler/cert.c 21@@ -444,5 +444,12 @@ ctcompare(const char *a, /* I - First string */ 22 b ++; 23 } 24 25- return (result); 26+ /* 27+ * The while loop finishes when *a == '\0' or *b == '\0' 28+ * so after the while loop either both *a and *b == '\0', 29+ * or one points inside a string, so when we apply logical OR on *a, 30+ * *b and result, we get a non-zero return value if the compared strings don't match. 31+ */ 32+ 33+ return (result | *a | *b); 34 } 35