scheduler/cert.c: Fix string comparison (fixes CVE-2022-26691)

The previous algorithm didn't expect the strings can have a different length, so one string can be a substring of the other and such substring was reported as equal to the longer string.
OpenPrinting · May 26, 2022 · de4f8c1 · de4f8c1
1 parent 498fd9f
commit de4f8c1
Show file tree

Hide file tree

Showing 2 changed files with 9 additions and 1 deletion.
diff --git a/CHANGES.md b/CHANGES.md
@@ -4,6 +4,7 @@ CHANGES - OpenPrinting CUPS 2.4.1 - 2022-01-27
 Changes in CUPS v2.4.2 (TBA)
 ----------------------------
 
+- Fixed certificate strings comparison for Local authorization (CVE-2022-26691)
 - The `cupsFileOpen` function no longer opens files for append in read-write
   mode (Issue #291)
 - The cupsd daemon removed processing temporary queue (Issue #364)

diff --git a/scheduler/cert.c b/scheduler/cert.c
@@ -444,5 +444,12 @@ ctcompare(const char *a,		/* I - First string */
     b ++;
   }
 
-  return (result);
+ /*
+  * The while loop finishes when *a == '\0' or *b == '\0'
+  * so after the while loop either both *a and *b == '\0',
+  * or one points inside a string, so when we apply logical OR on *a,
+  * *b and result, we get a non-zero return value if the compared strings don't match.
+  */
+
+  return (result | *a | *b);
 }