print/hplip3/files/patch-CVE-2008-2940


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74

Patch for CVE-2008-2940

Please note that alerts are now system-wide and they live in
/etc/hp/alerts.conf

See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2940
Obtained from: https://bugzilla.redhat.com/attachment.cgi?id=312878
Obtained from: https://bugzilla.redhat.com/attachment.cgi?id=312880

diff -up hplip-1.6.7/hpssd.py.validate-uri hplip-1.6.7/hpssd.py
--- hpssd.py.validate-uri	2008-07-29 12:48:28.000000000 +0100
+++ hpssd.py	2008-07-29 13:41:29.000000000 +0100
@@ -1021,6 +1021,9 @@ class hpssd_handler(dispatcher):
         event_type = self.fields.get('event-type', 'event')
         event_code = self.fields.get('event-code', 0)
         device_uri = self.fields.get('device-uri', '').replace('hpfax:', 'hp:')
+        result_code = self.__checkdevice(device_uri)
+        if result_code != ERROR_SUCCESS:
+            return
         log.debug("Device URI: %s" % device_uri)
 
         try:
diff -up hplip-1.6.7/base/g.py.static-alerts-table hplip-1.6.7/base/g.py
--- base/g.py.orig	2008-01-18 02:10:29.000000000 +0300
+++ base/g.py	2008-11-23 22:39:11.000000000 +0300
@@ -134,6 +134,7 @@
 # Config file: directories and ports
 prop.sys_config_file = '/etc/hp/hplip.conf'
 prop.user_dir = os.path.expanduser('~/.hplip')
+prop.alerts_config_file = '/etc/hp/alerts.conf'
 
 os.umask(0037)
 try:
@@ -154,6 +155,7 @@
     
 sys_cfg = Config(prop.sys_config_file, True)
 user_cfg = Config(prop.user_config_file)
+alerts_cfg = Config(prop.alerts_config_file)
 
 
 # Language settings
diff -up hplip-1.6.7/hpssd.py.static-alerts-table hplip-1.6.7/hpssd.py
--- hpssd.py.static-alerts-table	2008-07-29 14:57:04.000000000 +0100
+++ hpssd.py	2008-07-29 15:22:15.000000000 +0100
@@ -71,6 +71,12 @@ from prnt import cups
 
 # Per user alert settings
 alerts = {}
+for user, cfg in alerts_cfg.iteritems ():
+    entry = {}
+    entry['email-alerts'] = utils.to_bool (cfg.get('email-alerts', 0))
+    entry['email-from-address'] = cfg.get('email-from-address', '')
+    entry['email-to-addresses'] = cfg.get('email-to-addresses', '')
+    alerts[user] = entry
 
 # Fax temp files
 fax_file = {}
@@ -803,15 +809,10 @@ class hpssd_handler(dispatcher):
         self.out_buffer = buildResultMessage('InjectValueResult', None, result_code)
         
 
-    # TODO: Need to load alerts at start-up
     def handle_setalerts(self):
         result_code = ERROR_SUCCESS
-        username = self.fields.get('username', '')
 
-        alerts[username] = {'email-alerts'       : utils.to_bool(self.fields.get('email-alerts', '0')),
-                            'email-from-address' : self.fields.get('email-from-address', ''),
-                            'email-to-addresses' : self.fields.get('email-to-addresses', ''),
-                           }
+        # Do nothing.  We use the alerts table in /etc/hp/alerts.conf.
 
         self.out_buffer = buildResultMessage('SetAlertsResult', None, result_code)