openbsd-ports/print/hplip/patches/patch-hpssd_py
ajacoutot eeb3a85b88 - SECURITY: fix for Secunia SA31470 -- patches adapted from RedHat
(CVE-2008-2940 CVE-2008-2941)
prodded by jasper@
- fix some hardcoded paths and regen PLIST while here

ok jasper@
2009-02-02 10:47:11 +00:00


$OpenBSD: patch-hpssd_py,v 1.1 2009/02/02 10:47:11 ajacoutot Exp $
Fix for:
CVE-2008-2940
CVE-2008-2941
--- hpssd.py.orig Fri Nov 2 00:27:54 2007
+++ hpssd.py Mon Feb 2 10:51:49 2009
@@ -70,7 +70,13 @@ from prnt import cups
# Per user alert settings
alerts = {}
-
+for user, cfg in alerts_cfg.iteritems ():
+ entry = {}
+ entry['email-alerts'] = utils.to_bool (cfg.get('email-alerts', 0))
+ entry['email-from-address'] = cfg.get('email-from-address', '')
+ entry['email-to-addresses'] = cfg.get('email-to-addresses', '')
+ alerts[user] = entry
+
# Fax
fax_file = {}
fax_file_ready = {}
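Review bot: `alerts_cfg` is read by the new module-level loop, but nothing visible in this hunk defines or imports it, so it presumably comes from another patched module; if the name is missing, the daemon fails at import time. The loop also passes the integer `0` as the default to `utils.to_bool`, whereas the other call in this file passes the string `'0'`; `cfg.get('email-alerts', '0')` would keep the two consistent. A comment such as `# Loaded once at start-up from alerts.conf; handle_setalerts no longer modifies this table` would record why the table is filled here.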
@@ -198,6 +204,7 @@ class hpssd_handler(dispatcher):
return True
msg_type = self.fields.get('msg', 'unknown').lower()
+ msg_type = str (self.fields.get('msg', 'unknown')).lower()
log.debug("Handling: %s %s %s" % ("*"*20, msg_type, "*"*20))
log.debug(repr(self.in_buffer))
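Review bot: The original `msg_type = self.fields.get('msg', 'unknown').lower()` line is still present as context directly above the added line, so the unguarded `.lower()` runs first and a non-string `msg` value would raise there before the `str()` coercion is reached. The hunk header (6 old lines, 7 new) agrees that nothing was removed. The added line should replace the old one rather than follow it, leaving only `msg_type = str(self.fields.get('msg', 'unknown')).lower()`. The enclosing method starts and ends outside this hunk.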
@@ -254,9 +261,9 @@ class hpssd_handler(dispatcher):
def handle_getvalue(self):
- device_uri = self.fields.get('device-uri', '').replace('hpfax:', 'hp:')
+ device_uri = str (self.fields.get('device-uri', '')).replace('hpfax:', 'hp:')
value = ''
- key = self.fields.get('key', '')
+ key = str (self.fields.get('key', ''))
result_code = self.__checkdevice(device_uri)
if result_code == ERROR_SUCCESS:
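Review bot: The added calls are written `str (...)` with a space before the parenthesis, here and in every later hunk, as are `int (...)` and `utils.to_bool (...)`. The surrounding file writes `str(x)` and `str(event_code)` without the space. Following the file's style, e.g. `key = str(self.fields.get('key', ''))`, would make the patch easier to compare with the code around it.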
@@ -268,8 +275,8 @@ class hpssd_handler(dispatcher):
self.out_buffer = buildResultMessage('GetValueResult', value, result_code)
def handle_setvalue(self):
- device_uri = self.fields.get('device-uri', '').replace('hpfax:', 'hp:')
- key = self.fields.get('key', '')
+ device_uri = str (self.fields.get('device-uri', '')).replace('hpfax:', 'hp:')
+ key = str (self.fields.get('key', ''))
value = self.fields.get('value', '')
result_code = self.__checkdevice(device_uri)
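Review bot: `value = self.fields.get('value', '')` in handle_setvalue is left uncoerced, while `device-uri` and `key` beside it are now wrapped in `str()`. What is done with `value` is outside this hunk, but if it is stored or later formatted as a string it deserves the same treatment, e.g. `value = str(self.fields.get('value', ''))`. If it is intentionally left typed, a short comment saying so would help.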
@@ -279,32 +286,26 @@ class hpssd_handler(dispatcher):
self.out_buffer = buildResultMessage('SetValueResult', None, ERROR_SUCCESS)
def handle_queryhistory(self):
- device_uri = self.fields.get('device-uri', '').replace('hpfax:', 'hp:')
+ device_uri = str (self.fields.get('device-uri', '')).replace('hpfax:', 'hp:')
payload = ''
result_code = self.__checkdevice(device_uri)
if result_code == ERROR_SUCCESS:
for h in devices[device_uri].history.get():
payload = '\n'.join([payload, ','.join([str(x) for x in h])])
-
self.out_buffer = buildResultMessage('QueryHistoryResult', payload, result_code)
- # TODO: Need to load alerts at start-up
def handle_setalerts(self):
result_code = ERROR_SUCCESS
- username = self.fields.get('username', '')
- alerts[username] = {'email-alerts' : utils.to_bool(self.fields.get('email-alerts', '0')),
- 'email-from-address' : self.fields.get('email-from-address', ''),
- 'email-to-addresses' : self.fields.get('email-to-addresses', ''),
- }
+ # Do nothing. We use the alerts table in ${SYSCONFDIR}/hp/alerts.conf.
self.out_buffer = buildResultMessage('SetAlertsResult', None, result_code)
# EVENT
def handle_registerguievent(self):
- username = self.fields.get('username', '')
+ username = str (self.fields.get('username', ''))
typ = self.fields.get('type', 'unknown')
self.typ = typ
self.username = username
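Review bot: handle_setalerts now ignores the request but still answers `SetAlertsResult` with `ERROR_SUCCESS`, so a client cannot tell that its settings were dropped. The replacement comment says what is done but not why; something like `# Ignore client-supplied alert settings: addresses come only from alerts.conf, so a requesting client cannot change where alert mail is sent` would keep the presumed security reason next to the code. A `log.debug` of the ignored request would also help troubleshooting. In handle_registerguievent, `typ` is still taken from `self.fields` without the `str()` coercion applied to `username`.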
@@ -319,7 +320,7 @@ class hpssd_handler(dispatcher):
def handle_test_email(self):
result_code = ERROR_SUCCESS
- username = self.fields.get('username', prop.username)
+ username = str (self.fields.get('username', prop.username))
message = device.queryString('email_test_message')
subject = device.queryString('email_test_subject')
result_code = self.sendEmail(username, subject, message, True)
@@ -342,11 +343,14 @@ class hpssd_handler(dispatcher):
# sent by hpfax: to indicate the start of a complete fax rendering job
def handle_hpfaxbegin(self):
- username = self.fields.get('username', prop.username)
- job_id = self.fields.get('job-id', 0)
- printer_name = self.fields.get('printer', '')
- device_uri = self.fields.get('device-uri', '').replace('hp:', 'hpfax:')
- title = self.fields.get('title', '')
+ username = str (self.fields.get('username', prop.username))
+ try:
+ job_id = int (self.fields.get('job-id', 0))
+ except ValueError:
+ job_id = 0
+ printer_name = str (self.fields.get('printer', ''))
+ device_uri = str (self.fields.get('device-uri', '')).replace('hp:', 'hpfax:')
+ title = str (self.fields.get('title', ''))
log.debug("Creating data store for %s:%d" % (username, job_id))
fax_file[(username, job_id)] = tempfile.NamedTemporaryFile(prefix="hpfax")
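Review bot: The `try: int(...) except ValueError` block added here for `job-id` catches only `ValueError`, so a value that `int()` rejects with `TypeError` would still propagate; whether the message parser can produce one is not visible here. The same block is repeated in handle_hpfaxdata, handle_hpfaxend (twice), handle_faxgetdata, handle_event and for `retry-timeout`. A small module-level helper would remove the duplication and cover both exceptions. A malformed `job-id` also falls back to `0`, the same as a missing one, so such requests all share the `(username, 0)` key in `fax_file`. The method body continues outside this hunk.

```python
def _int_field(fields, name, default=0):
    # Coerce a message field to int; malformed values fall back to default.
    try:
        return int(fields.get(name, default))
    except (ValueError, TypeError):
        return default

# ... in handle_hpfaxbegin, replacing the try/except block ...
job_id = _int_field(self.fields, 'job-id')
```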
@@ -359,8 +363,11 @@ class hpssd_handler(dispatcher):
# sent by hpfax: to transfer completed fax rendering data
def handle_hpfaxdata(self):
- username = self.fields.get('username', prop.username)
- job_id = self.fields.get('job-id', 0)
+ username = str (self.fields.get('username', prop.username))
+ try:
+ job_id = int (self.fields.get('job-id', 0))
+ except ValueError:
+ job_id = 0
if self.payload and (username, job_id) in fax_file and \
not fax_file_ready[(username, job_id)]:
@@ -372,12 +379,18 @@ class hpssd_handler(dispatcher):
# sent by hpfax: to indicate the end of a complete fax rendering job
def handle_hpfaxend(self):
- username = self.fields.get('username', '')
- job_id = self.fields.get('job-id', 0)
- printer_name = self.fields.get('printer', '')
- device_uri = self.fields.get('device-uri', '').replace('hp:', 'hpfax:')
- title = self.fields.get('title', '')
- job_size = self.fields.get('job-size', 0)
+ username = str (self.fields.get('username', ''))
+ try:
+ job_id = int (self.fields.get('job-id', 0))
+ except ValueError:
+ job_id = 0
+ printer_name = str (self.fields.get('printer', ''))
+ device_uri = str (self.fields.get('device-uri', '')).replace('hp:', 'hpfax:')
+ title = str (self.fields.get('title', ''))
+ try:
+ job_size = int (self.fields.get('job-size', 0))
+ except ValueError:
+ job_size = 0
fax_file[(username, job_id)].seek(0)
fax_file_ready[(username, job_id)] = True
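Review bot: `fax_file[(username, job_id)].seek(0)` indexes the dictionary directly, so an `hpfaxend` message for a (username, job-id) pair that never had an `hpfaxbegin` raises `KeyError` even after the new coercions. handle_hpfaxdata tests `(username, job_id) in fax_file` first and handle_faxgetdata wraps the lookup in `try`. The same guard belongs here, e.g. `if (username, job_id) not in fax_file: return` before the `seek`. The rest of the method is outside this hunk, so the right early-exit behaviour should be checked against it.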
@@ -412,8 +425,11 @@ class hpssd_handler(dispatcher):
# after being run with --job param, both after a hpfaxend message
def handle_faxgetdata(self):
result_code = ERROR_SUCCESS
- username = self.fields.get('username', '')
- job_id = self.fields.get('job-id', 0)
+ username = str (self.fields.get('username', ''))
+ try:
+ job_id = int (self.fields.get('job-id', 0))
+ except ValueError:
+ job_id = 0
try:
fax_file[(username, job_id)]
@@ -441,15 +457,16 @@ class hpssd_handler(dispatcher):
# EVENT
def handle_event(self):
gui_port, gui_host = None, None
- event_type = self.fields.get('event-type', 'event')
-
- event_code = self.fields.get('event-code', STATUS_PRINTER_IDLE)
-
- # If event-code > 10001, its a PJL error code, so convert it
- if event_code > EVENT_MAX_EVENT:
- event_code = status.MapPJLErrorCode(event_code)
-
- device_uri = self.fields.get('device-uri', '').replace('hpfax:', 'hp:')
+ event_type = str (self.fields.get('event-type', 'event'))
+ try:
+ event_code = int (self.fields.get('event-code', 0))
+ except ValueError:
+ event_code = 0
+ device_uri = str (self.fields.get('device-uri', '')).replace('hpfax:', 'hp:')
+ result_code = self.__checkdevice(device_uri)
+ if result_code != ERROR_SUCCESS:
+ return
+
log.debug("Device URI: %s" % device_uri)
error_string_short = device.queryString(str(event_code), 0)
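Review bot: The default for `event-code` changed from `STATUS_PRINTER_IDLE` to the literal `0`, and the `if event_code > EVENT_MAX_EVENT: event_code = status.MapPJLErrorCode(event_code)` conversion was dropped with it; neither looks required by the input-coercion fix. If that is unintended, using `STATUS_PRINTER_IDLE` as both the `.get()` default and the `except ValueError` fallback, and keeping the PJL mapping after the coercion, would preserve the previous behaviour for well-formed events. The new early `return` on a failed `__checkdevice` is silent; a `log.debug` there would make dropped events visible. handle_event continues past the end of this hunk.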
@@ -476,7 +493,10 @@ class hpssd_handler(dispatcher):
no_fwd = utils.to_bool(self.fields.get('no-fwd', '0'))
log.debug("Username (jobid): %s (%d)" % (username, job_id))
- retry_timeout = self.fields.get('retry-timeout', 0)
+ try:
+ retry_timeout = int (self.fields.get('retry-timeout', 0))
+ except ValueError:
+ retry_timeout = 0
user_alerts = alerts.get(username, {})
dup_event = False
@@ -594,7 +614,7 @@ USAGE = [(__doc__, "", "name", True),
("Usage: hpssd.py [OPTIONS]", "", "summary", True),
utils.USAGE_OPTIONS,
("Do not daemonize:", "-x", "option", False),
- ("Port to listen on:", "-p<port> or --port=<port> (overrides value in /etc/hp/hplip.conf)", "option", False),
+ ("Port to listen on:", "-p<port> or --port=<port> (overrides value in ${SYSCONFDIR}/hp/hplip.conf)", "option", False),
utils.USAGE_LOGGING1, utils.USAGE_LOGGING2,
("Run in debug mode:", "-g (same as options: -ldebug -x)", "option", False),
utils.USAGE_HELP,