From 49fa4983f25b64ec29d548ffa3b9782426007df3 Mon Sep 17 00:00:00 2001
From: Michael Sweet <michael.r.sweet@gmail.com>
Date: Mon, 23 Oct 2017 16:23:43 -0400
Subject: [PATCH] DBUS notifications could crash the scheduler (Issue #5143)

- scheduler/ipp.c: Make sure requesting-user-name string is valid UTF-8.
---
 scheduler/ipp.c | 12 ++++++++++--
 1 files changed, 10 insertions(+), 2 deletions(-)

diff --git a/scheduler/ipp.c b/scheduler/ipp.c
index e6743cdcb..5cf980ab3 100644
--- a/scheduler/ipp.c
+++ b/scheduler/ipp.c
@@ -1597,6 +1597,16 @@ add_job(cupsd_client_t  *con,		/* I - Client connection */
     return (NULL);
   }
 
+  attr = ippFindAttribute(con->request, "requesting-user-name", IPP_TAG_NAME);
+
+  if (attr && !ippValidateAttribute(attr))
+  {
+    send_ipp_status(con, IPP_ATTRIBUTES, _("Bad requesting-user-name value: %s"), cupsLastErrorString());
+    if ((attr = ippCopyAttribute(con->response, attr, 0)) != NULL)
+      attr->group_tag = IPP_TAG_UNSUPPORTED_GROUP;
+    return (NULL);
+  }
+
   if ((job = cupsdAddJob(priority, printer->name)) == NULL)
   {
     send_ipp_status(con, IPP_INTERNAL_ERROR,
@@ -1615,8 +1625,6 @@ add_job(cupsd_client_t  *con,		/* I - Client connection */
   add_job_uuid(job);
   apply_printer_defaults(printer, job);
 
-  attr = ippFindAttribute(job->attrs, "requesting-user-name", IPP_TAG_NAME);
-
   if (con->username[0])
   {
     cupsdSetString(&job->username, con->username);