diff -up cups-1.3.7/cgi-bin/admin.c.CVE-2008-5184 cups-1.3.7/cgi-bin/admin.c
--- cups-1.3.7/cgi-bin/admin.c.CVE-2008-5184 2008-02-13 01:15:29.000000000 +0000
+++ cups-1.3.7/cgi-bin/admin.c 2008-12-01 16:30:16.000000000 +0000
@@ -309,6 +309,16 @@ do_add_rss_subscription(http_t *http) /*
}
/*
+ * Make sure we have a username...
+ */
+
+ if ((user = getenv("REMOTE_USER")) == NULL)
+ {
+ puts("Status: 401\n");
+ exit(0);
+ }
+
+ /*
* Validate the subscription name...
*/
@@ -352,9 +362,6 @@ do_add_rss_subscription(http_t *http) /*
ippAddString(request, IPP_TAG_OPERATION, IPP_TAG_URI, "printer-uri",
NULL, printer_uri);
- if ((user = getenv("REMOTE_USER")) == NULL)
- user = "guest";
-
ippAddString(request, IPP_TAG_OPERATION, IPP_TAG_NAME, "requesting-user-name",
NULL, user);
@@ -1269,6 +1276,16 @@ do_cancel_subscription(http_t *http)/* I
}
/*
+ * Require a username...
+ */
+
+ if ((user = getenv("REMOTE_USER")) == NULL)
+ {
+ puts("Status: 401\n");
+ exit(0);
+ }
+
+ /*
* Cancel the subscription...
*/
@@ -1279,9 +1296,6 @@ do_cancel_subscription(http_t *http)/* I
ippAddInteger(request, IPP_TAG_OPERATION, IPP_TAG_INTEGER,
"notify-subscription-id", id);
- if ((user = getenv("REMOTE_USER")) == NULL)
- user = "guest";
-
ippAddString(request, IPP_TAG_OPERATION, IPP_TAG_NAME, "requesting-user-name",
NULL, user);
distrib
>
Scientific%20Linux
>
5x
>
x86_64
>
by-pkgid
>
b2b31f8f12ce25fb0a2128354ea26724
>
files
>
8
