summaryrefslogtreecommitdiff
path: root/print/hplip3/files/patch-CVE-2008-2941
diff options
context:
space:
mode:
Diffstat (limited to 'print/hplip3/files/patch-CVE-2008-2941')
-rw-r--r--print/hplip3/files/patch-CVE-2008-2941210
1 files changed, 0 insertions, 210 deletions
diff --git a/print/hplip3/files/patch-CVE-2008-2941 b/print/hplip3/files/patch-CVE-2008-2941
deleted file mode 100644
index f4bb8ee06caa..000000000000
--- a/print/hplip3/files/patch-CVE-2008-2941
+++ /dev/null
@@ -1,210 +0,0 @@
-Patch for CVE-2008-2941
-
-Fixes parser fragility: original code expects only strings or numbers as
-the input values, but not both. And hpssd client has the full control
-on the input data, so when number is tried to be transformed as string
-(by calling lower() method, for example) the unhandled exception
-terminates the daemon.
-
-Based on: https://bugzilla.redhat.com/attachment.cgi?id=312881
-
---- hpssd.py.orig 2008-11-23 22:41:08.000000000 +0300
-+++ hpssd.py 2008-11-23 22:57:51.000000000 +0300
-@@ -203,7 +203,7 @@
- log.debug(self.out_buffer)
- return True
-
-- msg_type = self.fields.get('msg', 'unknown').lower()
-+ msg_type = str(self.fields.get('msg', 'unknown')).lower()
- log.debug("Handling: %s %s %s" % ("*"*20, msg_type, "*"*20))
- log.debug(repr(self.in_buffer))
-
-@@ -260,9 +260,9 @@
-
-
- def handle_getvalue(self):
-- device_uri = self.fields.get('device-uri', '').replace('hpfax:', 'hp:')
-+ device_uri = str(self.fields.get('device-uri', '')).replace('hpfax:', 'hp:')
- value = ''
-- key = self.fields.get('key', '')
-+ key = str(self.fields.get('key', ''))
- result_code = self.__checkdevice(device_uri)
-
- if result_code == ERROR_SUCCESS:
-@@ -274,9 +274,9 @@
- self.out_buffer = buildResultMessage('GetValueResult', value, result_code)
-
- def handle_setvalue(self):
-- device_uri = self.fields.get('device-uri', '').replace('hpfax:', 'hp:')
-- key = self.fields.get('key', '')
-- value = self.fields.get('value', '')
-+ device_uri = str(self.fields.get('device-uri', '')).replace('hpfax:', 'hp:')
-+ key = str(self.fields.get('key', ''))
-+ value = str(self.fields.get('value', ''))
- result_code = self.__checkdevice(device_uri)
-
- if result_code == ERROR_SUCCESS:
-@@ -285,7 +285,7 @@
- self.out_buffer = buildResultMessage('SetValueResult', None, ERROR_SUCCESS)
-
- def handle_queryhistory(self):
-- device_uri = self.fields.get('device-uri', '').replace('hpfax:', 'hp:')
-+ device_uri = str(self.fields.get('device-uri', '')).replace('hpfax:', 'hp:')
- payload = ''
- result_code = self.__checkdevice(device_uri)
-
-@@ -305,8 +305,8 @@
-
- # EVENT
- def handle_registerguievent(self):
-- username = self.fields.get('username', '')
-- typ = self.fields.get('type', 'unknown')
-+ username = str(self.fields.get('username', ''))
-+ typ = str(self.fields.get('type', 'unknown'))
- self.typ = typ
- self.username = username
- self.send_events = True
-@@ -314,13 +314,13 @@
-
- # EVENT
- def handle_unregisterguievent(self):
-- username = self.fields.get('username', '')
-+ username = str(self.fields.get('username', ''))
- self.send_events = False
-
-
- def handle_test_email(self):
- result_code = ERROR_SUCCESS
-- username = self.fields.get('username', prop.username)
-+ username = str(self.fields.get('username', prop.username))
- message = device.queryString('email_test_message')
- subject = device.queryString('email_test_subject')
- result_code = self.sendEmail(username, subject, message, True)
-@@ -343,11 +343,14 @@
-
- # sent by hpfax: to indicate the start of a complete fax rendering job
- def handle_hpfaxbegin(self):
-- username = self.fields.get('username', prop.username)
-- job_id = self.fields.get('job-id', 0)
-- printer_name = self.fields.get('printer', '')
-- device_uri = self.fields.get('device-uri', '').replace('hp:', 'hpfax:')
-- title = self.fields.get('title', '')
-+ username = str(self.fields.get('username', prop.username))
-+ try:
-+ job_id = int(self.fields.get('job-id', 0))
-+ except ValueError:
-+ job_id = 0
-+ printer_name = str(self.fields.get('printer', ''))
-+ device_uri = str(self.fields.get('device-uri', '')).replace('hp:', 'hpfax:')
-+ title = str(self.fields.get('title', ''))
-
- log.debug("Creating data store for %s:%d" % (username, job_id))
- fax_file[(username, job_id)] = tempfile.NamedTemporaryFile(prefix="hpfax")
-@@ -360,8 +363,11 @@
-
- # sent by hpfax: to transfer completed fax rendering data
- def handle_hpfaxdata(self):
-- username = self.fields.get('username', prop.username)
-- job_id = self.fields.get('job-id', 0)
-+ username = str(self.fields.get('username', prop.username))
-+ try:
-+ job_id = int(self.fields.get('job-id', 0))
-+ except ValueError:
-+ job_id = 0
-
- if self.payload and (username, job_id) in fax_file and \
- not fax_file_ready[(username, job_id)]:
-@@ -373,12 +379,18 @@
-
- # sent by hpfax: to indicate the end of a complete fax rendering job
- def handle_hpfaxend(self):
-- username = self.fields.get('username', '')
-- job_id = self.fields.get('job-id', 0)
-- printer_name = self.fields.get('printer', '')
-- device_uri = self.fields.get('device-uri', '').replace('hp:', 'hpfax:')
-- title = self.fields.get('title', '')
-- job_size = self.fields.get('job-size', 0)
-+ username = str(self.fields.get('username', ''))
-+ try:
-+ job_id = int(self.fields.get('job-id', 0))
-+ except ValueError:
-+ job_id = 0
-+ printer_name = str(self.fields.get('printer', ''))
-+ device_uri = str(self.fields.get('device-uri', '')).replace('hp:', 'hpfax:')
-+ title = str(self.fields.get('title', ''))
-+ try:
-+ job_size = int(self.fields.get('job-size', 0))
-+ except ValueError:
-+ job_size = 0
-
- fax_file[(username, job_id)].seek(0)
- fax_file_ready[(username, job_id)] = True
-@@ -389,7 +401,7 @@
-
- # sent by hp-sendfax to see if any faxes have been printed and need to be picked up
- def handle_faxcheck(self):
-- username = self.fields.get('username', '')
-+ username = str(self.fields.get('username', ''))
- result_code = ERROR_NO_DATA_AVAILABLE
- other_fields = {}
-
-@@ -413,8 +425,11 @@
- # after being run with --job param, both after a hpfaxend message
- def handle_faxgetdata(self):
- result_code = ERROR_SUCCESS
-- username = self.fields.get('username', '')
-- job_id = self.fields.get('job-id', 0)
-+ username = str(self.fields.get('username', ''))
-+ try:
-+ job_id = int(self.fields.get('job-id', 0))
-+ except ValueError:
-+ job_id = 0
-
- try:
- fax_file[(username, job_id)]
-@@ -442,15 +457,18 @@
- # EVENT
- def handle_event(self):
- gui_port, gui_host = None, None
-- event_type = self.fields.get('event-type', 'event')
-+ event_type = str(self.fields.get('event-type', 'event'))
-
-- event_code = self.fields.get('event-code', STATUS_PRINTER_IDLE)
-+ try:
-+ event_code = int(self.fields.get('event-code', STATUS_PRINTER_IDLE))
-+ except ValueError:
-+ event_code = STATUS_PRINTER_IDLE
-
- # If event-code > 10001, its a PJL error code, so convert it
- if event_code > EVENT_MAX_EVENT:
- event_code = status.MapPJLErrorCode(event_code)
-
-- device_uri = self.fields.get('device-uri', '').replace('hpfax:', 'hp:')
-+ device_uri = str(self.fields.get('device-uri', '')).replace('hpfax:', 'hp:')
- result_code = self.__checkdevice(device_uri)
- if result_code != ERROR_SUCCESS:
- return
-@@ -461,7 +479,10 @@
-
- log.debug("Short/Long: %s/%s" % (error_string_short, error_string_long))
-
-- job_id = self.fields.get('job-id', 0)
-+ try:
-+ job_id = int(self.fields.get('job-id', 0))
-+ except ValueError:
-+ job_id = 0
-
- try:
- username = self.fields['username']
-@@ -480,7 +501,10 @@
-
- no_fwd = utils.to_bool(self.fields.get('no-fwd', '0'))
- log.debug("Username (jobid): %s (%d)" % (username, job_id))
-- retry_timeout = self.fields.get('retry-timeout', 0)
-+ try:
-+ retry_timeout = int(self.fields.get('retry-timeout', 0))
-+ except ValueError:
-+ retry_timeout = 0
- user_alerts = alerts.get(username, {})
-
- dup_event = False
generated by cgit v1.2.3 (git 2.25.1) at 2024-09-29 05:40:48 +0000