Red Hat Bugzilla – Attachment 312881 Details for
Bug 457052
CVE-2008-2941 hplip hpssd.py Denial-Of-Service parsing vulnerability
[patch]
hplip-parse-crash.patch
hplip-parse-crash.patch (text/plain), 14.07 KB, created by
Tim Waugh
on 2008-07-29 14:52:30 UTC
Description:
hplip-parse-crash.patch
Filename:
MIME Type:
Creator:
Tim Waugh
Created:
2008-07-29 14:52:30 UTC
Size:
14.07 KB
>diff -up hplip-1.6.7/hpssd.py.parse-crash hplip-1.6.7/hpssd.py
>--- hplip-1.6.7/hpssd.py.parse-crash 2008-07-29 15:46:20.000000000 +0100
>+++ hplip-1.6.7/hpssd.py 2008-07-29 15:46:40.000000000 +0100
>@@ -658,7 +658,7 @@ class hpssd_handler(dispatcher):
> log.debug(self.out_buffer)
> return True
>
>- msg_type = self.fields.get('msg', 'unknown').lower()
>+ msg_type = str (self.fields.get('msg', 'unknown')).lower()
> log.debug("Handling: %s %s %s" % ("*"*20, msg_type, "*"*20))
> log.debug(repr(self.in_buffer))
>
>@@ -712,9 +712,9 @@ class hpssd_handler(dispatcher):
>
>
> def handle_getvalue(self):
>- device_uri = self.fields.get('device-uri', '').replace('hpfax:', 'hp:')
>+ device_uri = str (self.fields.get('device-uri', '')).replace('hpfax:', 'hp:')
> value = ''
>- key = self.fields.get('key', '')
>+ key = str (self.fields.get('key', ''))
> result_code = self.__checkdevice(device_uri)
>
> if result_code == ERROR_SUCCESS:
>@@ -726,8 +726,8 @@ class hpssd_handler(dispatcher):
> self.out_buffer = buildResultMessage('GetValueResult', value, result_code)
>
> def handle_setvalue(self):
>- device_uri = self.fields.get('device-uri', '').replace('hpfax:', 'hp:')
>- key = self.fields.get('key', '')
>+ device_uri = str (self.fields.get('device-uri', '')).replace('hpfax:', 'hp:')
>+ key = str (self.fields.get('key', ''))
> value = self.fields.get('value', '')
> result_code = self.__checkdevice(device_uri)
>
>@@ -737,7 +737,7 @@ class hpssd_handler(dispatcher):
> self.out_buffer = buildResultMessage('SetValueResult', None, ERROR_SUCCESS)
>
> def handle_queryhistory(self):
>- device_uri = self.fields.get('device-uri', '').replace('hpfax:', 'hp:')
>+ device_uri = str (self.fields.get('device-uri', '')).replace('hpfax:', 'hp:')
> payload = ''
> result_code = self.__checkdevice(device_uri)
>
>@@ -748,7 +748,7 @@ class hpssd_handler(dispatcher):
> self.out_buffer = buildResultMessage('QueryHistoryResult', payload, result_code)
>
> def handle_querymodel(self): # By device URI (used by toolbox, info, etc)
>- device_uri = self.fields.get('device-uri', '').replace('hpfax:', 'hp:')
>+ device_uri = str (self.fields.get('device-uri', '')).replace('hpfax:', 'hp:')
> result_code = self.__checkdevice(device_uri)
> mq = {}
>
>@@ -770,7 +770,7 @@ class hpssd_handler(dispatcher):
>
>
> def handle_modelquery(self): # By model (used by hp: backend)
>- model = self.fields.get('model', '')
>+ model = str (self.fields.get('model', ''))
> result_code = ERROR_SUCCESS
>
> try:
>@@ -782,8 +782,8 @@ class hpssd_handler(dispatcher):
> self.out_buffer = buildResultMessage('ModelQueryResult', None, result_code, mq)
>
> def handle_injectvalue(self): # Tweak MQ values at runtime
>- device_uri = self.fields.get('device-uri', '').replace('hpfax:', 'hp:')
>- model = self.fields.get('model', '')
>+ device_uri = str (self.fields.get('device-uri', '')).replace('hpfax:', 'hp:')
>+ model = str (self.fields.get('model', ''))
> result_code = ERROR_INTERNAL
>
> if not model and device_uri:
>@@ -797,7 +797,7 @@ class hpssd_handler(dispatcher):
> log.debug(model)
>
> if model:
>- key = self.fields.get('key', '')
>+ key = str (self.fields.get('key', ''))
> value = self.fields.get('value', '')
>
> if key and value:
>@@ -819,8 +819,8 @@ class hpssd_handler(dispatcher):
>
> # EVENT
> def handle_registerguievent(self):
>- username = self.fields.get('username', '')
>- typ = self.fields.get('type', 'unknown')
>+ username = str (self.fields.get('username', ''))
>+ typ = str (self.fields.get('type', 'unknown'))
> self.typ = typ
> self.username = username
> self.send_events = True
>@@ -828,13 +828,13 @@ class hpssd_handler(dispatcher):
>
> # EVENT
> def handle_unregisterguievent(self):
>- username = self.fields.get('username', '')
>+ username = str (self.fields.get('username', ''))
> self.send_events = False
>
>
> def handle_test_email(self):
> result_code = ERROR_SUCCESS
>- username = self.fields.get('username', prop.username)
>+ username = str (self.fields.get('username', prop.username))
>
> try:
> message = QueryString('email_test_message')
>@@ -852,7 +852,7 @@ class hpssd_handler(dispatcher):
>
> def handle_querystring(self):
> payload, result_code = '', ERROR_SUCCESS
>- string_id = self.fields['string-id']
>+ string_id = str (self.fields.get ('string-id', ''))
> try:
> payload = QueryString(string_id)
> except Error:
>@@ -894,11 +894,14 @@ class hpssd_handler(dispatcher):
> # sent by hpfax: to indicate the start of a complete fax rendering job
> def handle_hpfaxbegin(self):
> global fax_file
>- username = self.fields.get('username', prop.username)
>- job_id = self.fields.get('job-id', 0)
>- printer_name = self.fields.get('printer', '')
>- device_uri = self.fields.get('device-uri', '').replace('hp:', 'hpfax:')
>- title = self.fields.get('title', '')
>+ username = str (self.fields.get('username', prop.username))
>+ try:
>+ job_id = int (self.fields.get('job-id', 0))
>+ except ValueError:
>+ job_id = 0
>+ printer_name = str (self.fields.get('printer', ''))
>+ device_uri = str (self.fields.get('device-uri', '')).replace('hp:', 'hpfax:')
>+ title = str (self.fields.get('title', ''))
>
> # Send an early warning to the hp-sendfax UI so that
> # the response time to something happening is as short as possible
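Review bot: The `try: … int (self.fields.get(...)) … except ValueError:` coercion added in handle_hpfaxbegin is repeated almost verbatim in handle_hpfaxdata, handle_hpfaxend, handle_faxgetdata, handle_event and the device-probing hunks, so one copy can easily end up with a missed field or a different default. A single helper that takes the field name and default would keep the coercion in one place. It could also catch `TypeError`, which `int()` raises for values such as `None` and which `except ValueError` lets through; whether the message parser can produce such values is not visible in this patch. The helper name below is only a suggestion, and handle_hpfaxbegin's body continues outside the hunk.

```python
def field_as_int(fields, name, default=0):
    # Coerce a parsed message field to int; fall back to the default on
    # anything int() cannot convert (bad string, None, container).
    try:
        return int(fields.get(name, default))
    except (ValueError, TypeError):
        return default

# in handle_hpfaxbegin:
job_id = field_as_int(self.fields, 'job-id')
# … unchanged: username, printer_name, device_uri, title coercions …
```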
>@@ -943,8 +946,11 @@ class hpssd_handler(dispatcher):
> # sent by hpfax: to transfer completed fax rendering data
> def handle_hpfaxdata(self):
> global fax_file
>- username = self.fields.get('username', prop.username)
>- job_id = self.fields.get('job-id', 0)
>+ username = str (self.fields.get('username', prop.username))
>+ try:
>+ job_id = int (self.fields.get('job-id', 0))
>+ except ValueError:
>+ job_id = 0
>
> if self.payload and (username, job_id) in fax_file:
> fax_file[(username, job_id)].write(self.payload)
>@@ -956,12 +962,18 @@ class hpssd_handler(dispatcher):
> def handle_hpfaxend(self):
> global fax_file
>
>- username = self.fields.get('username', '')
>- job_id = self.fields.get('job-id', 0)
>- printer_name = self.fields.get('printer', '')
>- device_uri = self.fields.get('device-uri', '').replace('hp:', 'hpfax:')
>- title = self.fields.get('title', '')
>- job_size = self.fields.get('job-size', 0)
>+ username = str (self.fields.get('username', ''))
>+ try:
>+ job_id = int (self.fields.get('job-id', 0))
>+ except ValueError:
>+ job_id = 0
>+ printer_name = str (self.fields.get('printer', ''))
>+ device_uri = str (self.fields.get('device-uri', '')).replace('hp:', 'hpfax:')
>+ title = str (self.fields.get('title', ''))
>+ try:
>+ job_size = int (self.fields.get('job-size', 0))
>+ except ValueError:
>+ job_size = 0
>
> fax_file[(username, job_id)].seek(0)
>
>@@ -998,8 +1010,11 @@ class hpssd_handler(dispatcher):
> def handle_faxgetdata(self):
> global fax_file
> result_code = ERROR_SUCCESS
>- username = self.fields.get('username', '')
>- job_id = self.fields.get('job-id', 0)
>+ username = str (self.fields.get('username', ''))
>+ try:
>+ job_id = int (self.fields.get('job-id', 0))
>+ except ValueError:
>+ job_id = 0
>
> try:
> fax_file[(username, job_id)]
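Review bot: In handle_hpfaxend the context line `fax_file[(username, job_id)].seek(0)` still indexes the dictionary without checking that the key exists, so an hpfaxend message whose username/job-id pair has no entry raises KeyError even after the new coercions. handle_hpfaxdata guards the same lookup with `(username, job_id) in fax_file`, and handle_faxgetdata wraps it in `try:`. I would add the same guard here, for example `if (username, job_id) not in fax_file: return` before the seek, or set an error result code if the rest of the body expects one. The function body continues past the end of the hunk, so later uses of the entry are not visible.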
>@@ -1019,9 +1034,12 @@ class hpssd_handler(dispatcher):
> # EVENT
> def handle_event(self):
> gui_port, gui_host = None, None
>- event_type = self.fields.get('event-type', 'event')
>- event_code = self.fields.get('event-code', 0)
>- device_uri = self.fields.get('device-uri', '').replace('hpfax:', 'hp:')
>+ event_type = str (self.fields.get('event-type', 'event'))
>+ try:
>+ event_code = int (self.fields.get('event-code', 0))
>+ except ValueError:
>+ event_code = 0
>+ device_uri = str (self.fields.get('device-uri', '')).replace('hpfax:', 'hp:')
> result_code = self.__checkdevice(device_uri)
> if result_code != ERROR_SUCCESS:
> return
>@@ -1039,7 +1057,10 @@ class hpssd_handler(dispatcher):
>
> log.debug("Short/Long: %s/%s" % (error_string_short, error_string_long))
>
>- job_id = self.fields.get('job-id', 0)
>+ try:
>+ job_id = int (self.fields.get('job-id', 0))
>+ except ValueError:
>+ job_id = 0
>
> try:
> username = self.fields['username']
>@@ -1056,9 +1077,12 @@ class hpssd_handler(dispatcher):
> username = prop.username
>
>
>- no_fwd = self.fields.get('no-fwd', False)
>+ no_fwd = utils.to_bool (self.fields.get('no-fwd', False))
> log.debug("Username (jobid): %s (%d)" % (username, job_id))
>- retry_timeout = self.fields.get('retry-timeout', 0)
>+ try:
>+ retry_timeout = int (self.fields.get('retry-timeout', 0))
>+ except ValueError:
>+ retry_timeout = 0
> user_alerts = alerts.get(username, {})
>
> dup_event = False
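Review bot: In handle_event the lookup `username = self.fields['username']` (a context line of the job-id hunk) is left uncoerced, while handle_registerguievent and the fax handlers now take `str (...)` of the same field. If the parser returns a non-string for a numeric-looking value, which is what the other changes in this patch appear to guard against, the key passed to `alerts.get(username, {})` would differ in type from the string form the other handlers use. I would write `username = str(self.fields['username'])` inside the existing `try:`. The handler of that `try:` lies between the two hunks and is not visible here.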
>@@ -1150,15 +1174,21 @@ class hpssd_handler(dispatcher):
> payload, result_code = '', ERROR_SUCCESS
> num_devices, ret_devices = 0, {}
>
>- buses = self.fields.get('bus', 'cups,usb,par').split(',')
>- format = self.fields.get('format', 'default')
>+ buses = str (self.fields.get('bus', 'cups,usb,par')).split(',')
>+ format = str (self.fields.get('format', 'default'))
>
> for b in buses:
> bus = b.lower().strip()
>
> if bus == 'net':
>- ttl = int(self.fields.get('ttl', 4))
>- timeout = int(self.fields.get('timeout', 5))
>+ try:
>+ ttl = int(self.fields.get('ttl', 4))
>+ except ValueError:
>+ ttl = 4
>+ try:
>+ timeout = int(self.fields.get('timeout', 5))
>+ except ValueError:
>+ timeout = 5
>
> try:
> detected_devices = slp.detectNetworkDevices('224.0.1.60', 427, ttl, timeout)
>@@ -1183,7 +1213,7 @@ class hpssd_handler(dispatcher):
> else:
> device_uri = 'hp:/net/%s?ip=%s&port=%d' % (model, ip, (port+1))
>
>- device_filter = self.fields.get('filter', 'none')
>+ device_filter = str (self.fields.get('filter', 'none'))
>
> if device_filter in ('none', 'print'):
> include = True
>@@ -1197,7 +1227,10 @@ class hpssd_handler(dispatcher):
> continue
>
> for f in device_filter.split(','):
>- filter_type = int(fields.get('%s-type' % f.lower().strip(), 0))
>+ try:
>+ filter_type = int(fields.get('%s-type' % f.lower().strip(), 0))
>+ except ValueError:
>+ filter_type = 0
> if filter_type == 0:
> include = False
> break
>@@ -1237,7 +1270,7 @@ class hpssd_handler(dispatcher):
> continue
>
> if mdl and uri and is_hp:
>- device_filter = self.fields.get('filter', 'none')
>+ device_filter = str (self.fields.get('filter', 'none'))
> include = True
>
> if device_filter not in ('none', 'print'):
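Review bot: `ttl` and `timeout` in the `bus == 'net'` branch are converted to int but never range-checked before being passed to `slp.detectNetworkDevices('224.0.1.60', 427, ttl, timeout)`, so a request can still supply a negative or very large value. If the discovery call waits for `timeout` seconds (its implementation is not visible here), a large value would stall the daemon for that long, which is the same kind of availability problem this patch is meant to close. I would clamp both after parsing, e.g. `ttl = max(1, min(ttl, 255))` and `timeout = max(1, min(timeout, MAX_PROBE_TIMEOUT))`, where `MAX_PROBE_TIMEOUT` is a placeholder for a limit the maintainers choose. The enclosing function starts before the hunk and continues after it.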
>@@ -1247,7 +1280,10 @@ class hpssd_handler(dispatcher):
> continue
>
> for f in device_filter.split(','):
>- filter_type = int(fields.get('%s-type' % f.lower().strip(), 0))
>+ try:
>+ filter_type = int(fields.get('%s-type' % f.lower().strip(), 0))
>+ except ValueError:
>+ filter_type = 0
> if filter_type == 0:
> include = False
> break
>@@ -1263,7 +1299,7 @@ class hpssd_handler(dispatcher):
> device_uri = p.device_uri
>
> if p.device_uri != '':
>- device_filter = self.fields.get('filter', 'none')
>+ device_filter = str (self.fields.get('filter', 'none'))
>
> try:
> back_end, is_hp, bs, model, serial, dev_file, host, port = \
>@@ -1283,7 +1319,10 @@ class hpssd_handler(dispatcher):
> continue
>
> for f in device_filter.split(','):
>- filter_type = int(fields.get('%s-type' % f.lower().strip(), 0))
>+ try:
>+ filter_type = int(fields.get('%s-type' % f.lower().strip(), 0))
>+ except ValueError:
>+ filter_type = 0
> if filter_type == 0:
> include = False
> break