scheduler: Sanitize values for FilterNice directive

zdohnal · zdohnal · commit 294011390fb2 · 2026-03-16T16:23:59.000+01:00
We allow only values 0-19 for `nice()` in cupsd, but when reading the
configuration this fact was not applied.
diff --git a/CHANGES.md b/CHANGES.md
@@ -161,9 +161,10 @@ v2.5b1 - YYYY-MM-DD
   (Issue #1201)
 - Fixed job cleanup after daemon restart (Issue #1315)
 - Fixed unreachable block in IPP backend (Issue #1351)
-- Fixed memory leak in _cupsConvertOptions (Issue #1354)
+- Fixed memory leak in `_cupsConvertOptions()` (Issue #1354)
 - Fixed missing write check in `cupsFileOpen/Fd` (Issue #1360)
 - Fixed error recovery when scanning for PPDs in `cups-driverd` (Issue #1416)
+- Fixed allowed values for directive `FilterNice`
 - Removed hash support for SHA2-512-224 and SHA2-512-256.
 - Removed `mantohtml` script for generating html pages (use
   `https://www.msweet.org/mantohtml/`)
diff --git a/scheduler/conf.c b/scheduler/conf.c
@@ -48,7 +48,8 @@ typedef enum
   CUPSD_VARTYPE_STRING,			/* String option */
   CUPSD_VARTYPE_BOOLEAN,		/* Boolean option */
   CUPSD_VARTYPE_PATHNAME,		/* File/directory name option */
-  CUPSD_VARTYPE_PERM			/* File/directory permissions */
+  CUPSD_VARTYPE_PERM,			/* File/directory permissions */
+  CUPSD_VARTYPE_NICE			/* Values for nice() - 0 to 19 */
 } cupsd_vartype_t;
 
 typedef struct
@@ -81,7 +82,7 @@ static const cupsd_var_t	cupsd_vars[] =
   { "DNSSDHostName",		&DNSSDHostName,		CUPSD_VARTYPE_STRING },
   { "ErrorPolicy",		&ErrorPolicy,		CUPSD_VARTYPE_STRING },
   { "FilterLimit",		&FilterLimit,		CUPSD_VARTYPE_INTEGER },
-  { "FilterNice",		&FilterNice,		CUPSD_VARTYPE_INTEGER },
+  { "FilterNice",		&FilterNice,		CUPSD_VARTYPE_NICE},
 #ifdef HAVE_GSSAPI
   { "GSSServiceName",		&GSSServiceName,	CUPSD_VARTYPE_STRING },
 #endif /* HAVE_GSSAPI */
@@ -3017,6 +3018,37 @@ parse_variable(
 
 	cupsdSetString((char **)var->ptr, value);
 	break;
+
+    case CUPSD_VARTYPE_NICE :
+	if (!value)
+	{
+	  cupsdLogMessage(CUPSD_LOG_ERROR, "Missing value for %s on line %d of %s.", line, linenum, filename);
+	  return (0);
+	}
+
+	while (*value)
+	{
+	  if (!isdigit(*value++))
+	  {
+	    cupsdLogMessage(CUPSD_LOG_ERROR,
+			    "Bad integer value for %s on line %d of %s.",
+			    line, linenum, filename);
+	    return (0);
+	  }
+	}
+
+	int n = (int)strtol(value, NULL, 10);
+
+	if (n < 0 || n > 19)
+	{
+	  cupsdLogMessage(CUPSD_LOG_ERROR, "Bad integer value for %s on line %d of %s. Supported values are 0-19.",
+			  line, linenum, filename);
+	  return (0);
+	}
+
+	*((int *)var->ptr) = n;
+
+	break;
   }
 
   return (1);
