Update the printer/class CGI name check.

michaelrsweet · michaelrsweet · commit e818754eea2e · 2026-01-21T12:13:09.000-05:00
diff --git a/CHANGES.md b/CHANGES.md
@@ -7,6 +7,7 @@ Changes in CUPS v2.4.17 (YYYY-MM-DD)
 
 - The scheduler followed symbolic links when cleaning out its temporary
   directory (Issue #1448)
+- Fixed an issue with the class/printer CGI name checking.
 - Fixed notifier logging bug that would result in nul bytes getting into the
   log (Issue #1450)
 - Fixed possible use-after-free in `cupsdReadClient()` (Issue #1454)
diff --git a/scheduler/client.c b/scheduler/client.c
@@ -1,7 +1,7 @@
 /*
  * Client routines for the CUPS scheduler.
  *
- * Copyright © 2020-2024 by OpenPrinting.
+ * Copyright © 2020-2026 by OpenPrinting.
  * Copyright © 2007-2021 by Apple Inc.
  * Copyright © 1997-2007 by Easy Software Products, all rights reserved.
  *
@@ -1163,12 +1163,12 @@ cupsdReadClient(cupsd_client_t *con)	/* I - Client to read from */
 		  {
 		    unsigned int i = 0;	// Array index
 
-		    for (ptr = con->uri + 9; *ptr && *ptr != '?' && i < sizeof(name);)
+		    for (ptr = con->uri + 9; *ptr && *ptr != '?' && i < (sizeof(name) - 1);)
 		      name[i++] = *ptr++;
 
 		    name[i] = '\0';
 
-		    if (!cupsdFindClass(name))
+		    if ((*ptr && *ptr != '?') || !cupsdFindClass(name))
 		    {
 		      if (!cupsdSendError(con, HTTP_STATUS_NOT_FOUND, CUPSD_AUTH_NONE))
 		      {
@@ -1203,12 +1203,12 @@ cupsdReadClient(cupsd_client_t *con)	/* I - Client to read from */
 		  {
 		    unsigned int i = 0;	// Array index
 
-		    for (ptr = con->uri + 10; *ptr && *ptr != '?' && i < sizeof(name);)
+		    for (ptr = con->uri + 10; *ptr && *ptr != '?' && i < (sizeof(name) - 1);)
 		      name[i++] = *ptr++;
 
 		    name[i] = '\0';
 
-		    if (!cupsdFindPrinter(name))
+		    if ((*ptr && *ptr != '?') || !cupsdFindPrinter(name))
 		    {
 		      if (!cupsdSendError(con, HTTP_STATUS_NOT_FOUND, CUPSD_AUTH_NONE))
 		      {

Original file line number	Diff line number	Diff line change
`@@ -1,7 +1,7 @@`
`1`	`1`	`/*`
`2`	`2`	`* Client routines for the CUPS scheduler.`
`3`	`3`	`*`
`4`		`- * Copyright © 2020-2024 by OpenPrinting.`
	`4`	`+ * Copyright © 2020-2026 by OpenPrinting.`
`5`	`5`	`* Copyright © 2007-2021 by Apple Inc.`
`6`	`6`	`* Copyright © 1997-2007 by Easy Software Products, all rights reserved.`
`7`	`7`	`*`
`@@ -1163,12 +1163,12 @@ cupsdReadClient(cupsd_client_t con) / I - Client to read from */`
`1163`	`1163`	`{`
`1164`	`1164`	`unsigned int i = 0; // Array index`
`1165`	`1165`
`1166`		`- for (ptr = con->uri + 9; ptr && ptr != '?' && i < sizeof(name);)`
	`1166`	`+ for (ptr = con->uri + 9; ptr && ptr != '?' && i < (sizeof(name) - 1);)`
`1167`	`1167`	`name[i++] = *ptr++;`
`1168`	`1168`
`1169`	`1169`	`name[i] = '\0';`
`1170`	`1170`
`1171`		`- if (!cupsdFindClass(name))`
	`1171`	`+ if ((ptr && ptr != '?') \|\| !cupsdFindClass(name))`
`1172`	`1172`	`{`
`1173`	`1173`	`if (!cupsdSendError(con, HTTP_STATUS_NOT_FOUND, CUPSD_AUTH_NONE))`
`1174`	`1174`	`{`
`@@ -1203,12 +1203,12 @@ cupsdReadClient(cupsd_client_t con) / I - Client to read from */`
`1203`	`1203`	`{`
`1204`	`1204`	`unsigned int i = 0; // Array index`
`1205`	`1205`
`1206`		`- for (ptr = con->uri + 10; ptr && ptr != '?' && i < sizeof(name);)`
	`1206`	`+ for (ptr = con->uri + 10; ptr && ptr != '?' && i < (sizeof(name) - 1);)`
`1207`	`1207`	`name[i++] = *ptr++;`
`1208`	`1208`
`1209`	`1209`	`name[i] = '\0';`
`1210`	`1210`
`1211`		`- if (!cupsdFindPrinter(name))`
	`1211`	`+ if ((ptr && ptr != '?') \|\| !cupsdFindPrinter(name))`
`1212`	`1212`	`{`
`1213`	`1213`	`if (!cupsdSendError(con, HTTP_STATUS_NOT_FOUND, CUPSD_AUTH_NONE))`
`1214`	`1214`	`{`