--- hplip-2.7.7/hpssd.py.cve-2008-2941 2008-08-13 12:06:49.000000000 -0400
+++ hplip-2.7.7/hpssd.py 2008-08-13 12:23:28.000000000 -0400
@@ -203,7 +203,7 @@ class hpssd_handler(dispatcher):
log.debug(self.out_buffer)
return True
- msg_type = self.fields.get('msg', 'unknown').lower()
+ msg_type = str (self.fields.get('msg', 'unknown')).lower()
log.debug("Handling: %s %s %s" % ("*"*20, msg_type, "*"*20))
log.debug(repr(self.in_buffer))
@@ -260,9 +260,9 @@ class hpssd_handler(dispatcher):
def handle_getvalue(self):
- device_uri = self.fields.get('device-uri', '').replace('hpfax:', 'hp:')
+ device_uri = str (self.fields.get('device-uri', '')).replace('hpfax:', 'hp:')
value = ''
- key = self.fields.get('key', '')
+ key = str (self.fields.get('key', ''))
result_code = self.__checkdevice(device_uri)
if result_code == ERROR_SUCCESS:
@@ -274,8 +274,8 @@ class hpssd_handler(dispatcher):
self.out_buffer = buildResultMessage('GetValueResult', value, result_code)
def handle_setvalue(self):
- device_uri = self.fields.get('device-uri', '').replace('hpfax:', 'hp:')
- key = self.fields.get('key', '')
+ device_uri = str (self.fields.get('device-uri', '')).replace('hpfax:', 'hp:')
+ key = str (self.fields.get('key', ''))
value = self.fields.get('value', '')
result_code = self.__checkdevice(device_uri)
@@ -285,7 +285,7 @@ class hpssd_handler(dispatcher):
self.out_buffer = buildResultMessage('SetValueResult', None, ERROR_SUCCESS)
def handle_queryhistory(self):
- device_uri = self.fields.get('device-uri', '').replace('hpfax:', 'hp:')
+ device_uri = str (self.fields.get('device-uri', '')).replace('hpfax:', 'hp:')
payload = ''
result_code = self.__checkdevice(device_uri)
@@ -305,8 +305,8 @@ class hpssd_handler(dispatcher):
# EVENT
def handle_registerguievent(self):
- username = self.fields.get('username', '')
- typ = self.fields.get('type', 'unknown')
+ username = str (self.fields.get('username', ''))
+ typ = str (self.fields.get('type', 'unknown'))
self.typ = typ
self.username = username
self.send_events = True
@@ -314,13 +314,13 @@ class hpssd_handler(dispatcher):
# EVENT
def handle_unregisterguievent(self):
- username = self.fields.get('username', '')
+ username = str (self.fields.get('username', ''))
self.send_events = False
def handle_test_email(self):
result_code = ERROR_SUCCESS
- username = self.fields.get('username', prop.username)
+ username = str (self.fields.get('username', prop.username))
message = device.queryString('email_test_message')
subject = device.queryString('email_test_subject')
result_code = self.sendEmail(username, subject, message, True)
@@ -343,11 +343,14 @@ class hpssd_handler(dispatcher):
# sent by hpfax: to indicate the start of a complete fax rendering job
def handle_hpfaxbegin(self):
- username = self.fields.get('username', prop.username)
- job_id = self.fields.get('job-id', 0)
- printer_name = self.fields.get('printer', '')
- device_uri = self.fields.get('device-uri', '').replace('hp:', 'hpfax:')
- title = self.fields.get('title', '')
+ username = str (self.fields.get('username', prop.username))
+ try:
+ job_id = int (self.fields.get('job-id', 0))
+ except ValueError:
+ job_id = 0
+ printer_name = str (self.fields.get('printer', ''))
+ device_uri = str (self.fields.get('device-uri', '')).replace('hp:', 'hpfax:')
+ title = str (self.fields.get('title', ''))
log.debug("Creating data store for %s:%d" % (username, job_id))
fax_file[(username, job_id)] = tempfile.NamedTemporaryFile(prefix="hpfax")
@@ -360,8 +363,11 @@ class hpssd_handler(dispatcher):
# sent by hpfax: to transfer completed fax rendering data
def handle_hpfaxdata(self):
- username = self.fields.get('username', prop.username)
- job_id = self.fields.get('job-id', 0)
+ username = str (self.fields.get('username', prop.username))
+ try:
+ job_id = int (self.fields.get('job-id', 0))
+ except ValueError:
+ job_id = 0
if self.payload and (username, job_id) in fax_file and \
not fax_file_ready[(username, job_id)]:
@@ -373,12 +379,18 @@ class hpssd_handler(dispatcher):
# sent by hpfax: to indicate the end of a complete fax rendering job
def handle_hpfaxend(self):
- username = self.fields.get('username', '')
- job_id = self.fields.get('job-id', 0)
- printer_name = self.fields.get('printer', '')
- device_uri = self.fields.get('device-uri', '').replace('hp:', 'hpfax:')
- title = self.fields.get('title', '')
- job_size = self.fields.get('job-size', 0)
+ username = str (self.fields.get('username', ''))
+ try:
+ job_id = int (self.fields.get('job-id', 0))
+ except ValueError:
+ job_id = 0
+ printer_name = str (self.fields.get('printer', ''))
+ device_uri = str (self.fields.get('device-uri', '')).replace('hp:', 'hpfax:')
+ title = str (self.fields.get('title', ''))
+ try:
+ job_size = int (self.fields.get('job-size', 0))
+ except ValueError:
+ job_size = 0
fax_file[(username, job_id)].seek(0)
fax_file_ready[(username, job_id)] = True
@@ -389,7 +401,7 @@ class hpssd_handler(dispatcher):
# sent by hp-sendfax to see if any faxes have been printed and need to be picked up
def handle_faxcheck(self):
- username = self.fields.get('username', '')
+ username = str (self.fields.get('username', ''))
result_code = ERROR_NO_DATA_AVAILABLE
other_fields = {}
@@ -413,8 +425,11 @@ class hpssd_handler(dispatcher):
# after being run with --job param, both after a hpfaxend message
def handle_faxgetdata(self):
result_code = ERROR_SUCCESS
- username = self.fields.get('username', '')
- job_id = self.fields.get('job-id', 0)
+ username = str (self.fields.get('username', ''))
+ try:
+ job_id = int (self.fields.get('job-id', 0))
+ except ValueError:
+ job_id = 0
try:
fax_file[(username, job_id)]
@@ -442,9 +457,12 @@ class hpssd_handler(dispatcher):
# EVENT
def handle_event(self):
gui_port, gui_host = None, None
- event_type = self.fields.get('event-type', 'event')
- event_code = self.fields.get('event-code', 0)
- device_uri = self.fields.get('device-uri', '').replace('hpfax:', 'hp:')
+ event_type = str (self.fields.get('event-type', 'event'))
+ try:
+ event_code = int (self.fields.get('event-code', 0))
+ except ValueError:
+ event_code = 0
+ device_uri = str (self.fields.get('device-uri', '')).replace('hpfax:', 'hp:')
result_code = self.__checkdevice(device_uri)
if result_code != ERROR_SUCCESS:
return
@@ -455,7 +473,10 @@ class hpssd_handler(dispatcher):
log.debug("Short/Long: %s/%s" % (error_string_short, error_string_long))
- job_id = self.fields.get('job-id', 0)
+ try:
+ job_id = int (self.fields.get('job-id', 0))
+ except ValueError:
+ job_id = 0
try:
username = self.fields['username']
@@ -474,7 +495,10 @@ class hpssd_handler(dispatcher):
no_fwd = utils.to_bool(self.fields.get('no-fwd', '0'))
log.debug("Username (jobid): %s (%d)" % (username, job_id))
- retry_timeout = self.fields.get('retry-timeout', 0)
+ try:
+ retry_timeout = int (self.fields.get('retry-timeout', 0))
+ except ValueError:
+ retry_timeout = 0
user_alerts = alerts.get(username, {})
dup_event = False
