From b6b656f4b431574069d5b17dc6d3d44910269bb9 Mon Sep 17 00:00:00 2001 From: Tim Waugh <twaugh@redhat.com> Date: Wed, 3 Feb 2010 16:07:11 +0000 Subject: [PATCH] More complete fix for CVE-2009-3553. --- scheduler/select.c | 6 ++++-- 1 files changed, 4 insertions(+), 2 deletions(-) diff --git a/scheduler/select.c b/scheduler/select.c index 21a6edc..a2451a5 100644 --- a/scheduler/select.c +++ b/scheduler/select.c @@ -454,7 +454,8 @@ cupsdDoSelect(long timeout) /* I - Timeout in seconds */ if (fdptr->read_cb && event->filter == EVFILT_READ) (*(fdptr->read_cb))(fdptr->data); - if (fdptr->use > 1 && fdptr->write_cb && event->filter == EVFILT_WRITE) + if (fdptr->use > 1 && fdptr->write_cb && event->filter == EVFILT_WRITE && + !cupsArrayFind(cupsd_inactive_fds, fdptr)) (*(fdptr->write_cb))(fdptr->data); release_fd(fdptr); @@ -500,7 +501,8 @@ cupsdDoSelect(long timeout) /* I - Timeout in seconds */ (*(fdptr->read_cb))(fdptr->data); if (fdptr->use > 1 && fdptr->write_cb && - (event->events & (EPOLLOUT | EPOLLERR | EPOLLHUP))) + (event->events & (EPOLLOUT | EPOLLERR | EPOLLHUP)) && + !cupsArrayFind(cupsd_inactive_fds, fdptr)) (*(fdptr->write_cb))(fdptr->data); release_fd(fdptr); -- 1.6.6