$OpenBSD: patch-hpssd_py,v 1.1 2009/02/02 10:47:11 ajacoutot Exp $

Fix for:
CVE-2008-2940
CVE-2008-2941

--- hpssd.py.orig	Fri Nov  2 00:27:54 2007
+++ hpssd.py	Mon Feb  2 10:51:49 2009
@@ -70,7 +70,13 @@ from prnt import cups
 
 # Per user alert settings
 alerts = {}
-
+for user, cfg in alerts_cfg.iteritems ():
+    entry = {}
+    entry['email-alerts'] = utils.to_bool (cfg.get('email-alerts', 0))
+    entry['email-from-address'] = cfg.get('email-from-address', '')
+    entry['email-to-addresses'] = cfg.get('email-to-addresses', '')
+    alerts[user] = entry
+ 
 # Fax
 fax_file = {}
 fax_file_ready = {}
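Review bot: `alerts_cfg` is read at import time by the added `for` loop but is neither defined nor imported in this hunk, so it has to come from another module or a companion patch; if it does not, hpssd.py stops with a NameError before the daemon starts. Because this table now replaces the settings that handle_setalerts used to accept from clients, a comment above the loop would help the next reader, e.g. `# Alerts are loaded once from alerts.conf at start-up; clients cannot change them.` The added blank line also carries a trailing space (`+ `).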
@@ -198,6 +204,7 @@ class hpssd_handler(dispatcher):
                 return True
 
             msg_type = self.fields.get('msg', 'unknown').lower()
+            msg_type = str (self.fields.get('msg', 'unknown')).lower()
             log.debug("Handling: %s %s %s" % ("*"*20, msg_type, "*"*20))
             log.debug(repr(self.in_buffer))
 
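Review bot: The original `msg_type = self.fields.get('msg', 'unknown').lower()` is still present as a context line directly above the added one, so the unguarded `.lower()` runs first and a non-string `msg` value raises AttributeError before the `str (...)` version is reached. The old line should be removed, leaving only `msg_type = str (self.fields.get('msg', 'unknown')).lower()`. The enclosing method starts and ends outside the hunk, so how that exception is handled further up cannot be seen here.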
@@ -254,9 +261,9 @@ class hpssd_handler(dispatcher):
 
 
     def handle_getvalue(self):
-        device_uri = self.fields.get('device-uri', '').replace('hpfax:', 'hp:')
+        device_uri = str (self.fields.get('device-uri', '')).replace('hpfax:', 'hp:')
         value = ''
-        key = self.fields.get('key', '')
+        key = str (self.fields.get('key', ''))
         result_code = self.__checkdevice(device_uri)
 
         if result_code == ERROR_SUCCESS:
@@ -268,8 +275,8 @@ class hpssd_handler(dispatcher):
         self.out_buffer = buildResultMessage('GetValueResult', value, result_code)
 
     def handle_setvalue(self):
-        device_uri = self.fields.get('device-uri', '').replace('hpfax:', 'hp:')
-        key = self.fields.get('key', '')
+        device_uri = str (self.fields.get('device-uri', '')).replace('hpfax:', 'hp:')
+        key = str (self.fields.get('key', ''))
         value = self.fields.get('value', '')
         result_code = self.__checkdevice(device_uri)
 
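Review bot: `value` on the unchanged line below the two coerced fields is still taken from `self.fields` as-is, so handle_setvalue normalises `device-uri` and `key` but passes the third client-supplied field on with whatever type the parser produced. If the code below the hunk treats it as a string, `value = str (self.fields.get('value', ''))` would match the other fields; if mixed types are intended, a short comment saying so would avoid the question. The same applies to `typ = self.fields.get('type', 'unknown')` in handle_registerguievent in the next hunk. The function body continues outside this hunk.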
@@ -279,32 +286,26 @@ class hpssd_handler(dispatcher):
         self.out_buffer = buildResultMessage('SetValueResult', None, ERROR_SUCCESS)
 
     def handle_queryhistory(self):
-        device_uri = self.fields.get('device-uri', '').replace('hpfax:', 'hp:')
+        device_uri = str (self.fields.get('device-uri', '')).replace('hpfax:', 'hp:')
         payload = ''
         result_code = self.__checkdevice(device_uri)
 
         if result_code == ERROR_SUCCESS:    
             for h in devices[device_uri].history.get():
                 payload = '\n'.join([payload, ','.join([str(x) for x in h])])
-
         self.out_buffer = buildResultMessage('QueryHistoryResult', payload, result_code)
 
-    # TODO: Need to load alerts at start-up
     def handle_setalerts(self):
         result_code = ERROR_SUCCESS
-        username = self.fields.get('username', '')
 
-        alerts[username] = {'email-alerts'       : utils.to_bool(self.fields.get('email-alerts', '0')),
-                            'email-from-address' : self.fields.get('email-from-address', ''),
-                            'email-to-addresses' : self.fields.get('email-to-addresses', ''),
-                           }
+        # Do nothing.  We use the alerts table in ${SYSCONFDIR}/hp/alerts.conf.
 
         self.out_buffer = buildResultMessage('SetAlertsResult', None, result_code)
 
 
     # EVENT
     def handle_registerguievent(self):
-        username = self.fields.get('username', '')
+        username = str (self.fields.get('username', ''))
         typ = self.fields.get('type', 'unknown')
         self.typ = typ
         self.username = username
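Review bot: handle_setalerts now discards the request but still answers `SetAlertsResult` with `ERROR_SUCCESS`, so a client cannot tell that its settings were ignored and nothing records the attempt. At minimum add a log line such as `log.debug("setalerts ignored; alerts are read from alerts.conf")`, and a docstring stating that the handler is kept only for protocol compatibility. The `${SYSCONFDIR}` in the new comment looks like a build-time placeholder; if it is not substituted when the port is built, it will appear literally in the installed file.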
@@ -319,7 +320,7 @@ class hpssd_handler(dispatcher):
 
     def handle_test_email(self):
         result_code = ERROR_SUCCESS
-        username = self.fields.get('username', prop.username)
+        username = str (self.fields.get('username', prop.username))
         message = device.queryString('email_test_message')
         subject = device.queryString('email_test_subject')
         result_code = self.sendEmail(username, subject, message, True)
@@ -342,11 +343,14 @@ class hpssd_handler(dispatcher):
 
     # sent by hpfax: to indicate the start of a complete fax rendering job
     def handle_hpfaxbegin(self):
-        username = self.fields.get('username', prop.username)
-        job_id = self.fields.get('job-id', 0)
-        printer_name = self.fields.get('printer', '')
-        device_uri = self.fields.get('device-uri', '').replace('hp:', 'hpfax:')
-        title = self.fields.get('title', '')
+        username = str (self.fields.get('username', prop.username))
+        try:
+            job_id = int (self.fields.get('job-id', 0))
+        except ValueError:
+            job_id = 0
+        printer_name = str (self.fields.get('printer', ''))
+        device_uri = str (self.fields.get('device-uri', '')).replace('hp:', 'hpfax:')
+        title = str (self.fields.get('title', ''))
 
         log.debug("Creating data store for %s:%d" % (username, job_id))
         fax_file[(username, job_id)] = tempfile.NamedTemporaryFile(prefix="hpfax")
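Review bot: The `try`/`except ValueError` block around `int (...)` is repeated verbatim in this handler and in handle_hpfaxdata, handle_hpfaxend, handle_faxgetdata and handle_event, and it catches only ValueError, so a field value that `int()` rejects with TypeError (if the parser can ever yield one) would still escape. A small private helper that catches both keeps the handlers short and consistent. Separately, falling back to `job_id = 0` means a malformed `job-id` still creates a data store keyed `(username, 0)` on the `NamedTemporaryFile` line, replacing any entry already held under that key; rejecting the request may be safer than defaulting. handle_hpfaxbegin continues outside the hunk.

```python
    def __int_field(self, name, default=0):
        # Coerce a request field to int; malformed values fall back to default.
        try:
            return int(self.fields.get(name, default))
        except (TypeError, ValueError):
            return default

    def handle_hpfaxbegin(self):
        username = str (self.fields.get('username', prop.username))
        job_id = self.__int_field('job-id')
        # … unchanged: printer_name, device_uri, title coercion …
```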
@@ -359,8 +363,11 @@ class hpssd_handler(dispatcher):
 
     # sent by hpfax: to transfer completed fax rendering data
     def handle_hpfaxdata(self):
-        username = self.fields.get('username', prop.username)
-        job_id = self.fields.get('job-id', 0)
+        username = str (self.fields.get('username', prop.username))
+        try:
+            job_id = int (self.fields.get('job-id', 0))
+        except ValueError:
+            job_id = 0
 
         if self.payload and (username, job_id) in fax_file and \
             not fax_file_ready[(username, job_id)]:
@@ -372,12 +379,18 @@ class hpssd_handler(dispatcher):
 
     # sent by hpfax: to indicate the end of a complete fax rendering job
     def handle_hpfaxend(self):
-        username = self.fields.get('username', '')
-        job_id = self.fields.get('job-id', 0)
-        printer_name = self.fields.get('printer', '')
-        device_uri = self.fields.get('device-uri', '').replace('hp:', 'hpfax:')
-        title = self.fields.get('title', '')
-        job_size = self.fields.get('job-size', 0)
+        username = str (self.fields.get('username', ''))
+        try:
+            job_id = int (self.fields.get('job-id', 0))
+        except ValueError:
+            job_id = 0
+        printer_name = str (self.fields.get('printer', ''))
+        device_uri = str (self.fields.get('device-uri', '')).replace('hp:', 'hpfax:')
+        title = str (self.fields.get('title', ''))
+        try:
+            job_size = int (self.fields.get('job-size', 0))
+        except ValueError:
+            job_size = 0
 
         fax_file[(username, job_id)].seek(0)
         fax_file_ready[(username, job_id)] = True
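Review bot: `fax_file[(username, job_id)].seek(0)` indexes the dictionary without checking that the key exists, so an hpfaxend message with no matching hpfaxbegin (or with a `job-id` that was coerced to 0) raises KeyError even after the type coercion added above. handle_hpfaxdata already guards with `(username, job_id) in fax_file`; the same test here, `if (username, job_id) not in fax_file:` followed by a logged early return, would close the gap. The function body continues outside the hunk, so any later use of `job_size` and `title` cannot be checked from here.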
@@ -412,8 +425,11 @@ class hpssd_handler(dispatcher):
     # after being run with --job param, both after a hpfaxend message
     def handle_faxgetdata(self):
         result_code = ERROR_SUCCESS
-        username = self.fields.get('username', '')
-        job_id = self.fields.get('job-id', 0)
+        username = str (self.fields.get('username', ''))
+        try:
+            job_id = int (self.fields.get('job-id', 0))
+        except ValueError:
+            job_id = 0
 
         try:
             fax_file[(username, job_id)]
@@ -441,15 +457,16 @@ class hpssd_handler(dispatcher):
     # EVENT
     def handle_event(self):
         gui_port, gui_host = None, None
-        event_type = self.fields.get('event-type', 'event')
-        
-        event_code = self.fields.get('event-code', STATUS_PRINTER_IDLE)
-        
-        # If event-code > 10001, its a PJL error code, so convert it
-        if event_code > EVENT_MAX_EVENT:
-            event_code = status.MapPJLErrorCode(event_code)
-            
-        device_uri = self.fields.get('device-uri', '').replace('hpfax:', 'hp:')
+        event_type = str (self.fields.get('event-type', 'event'))
+        try:
+            event_code = int (self.fields.get('event-code', 0))
+        except ValueError:
+            event_code = 0
+        device_uri = str (self.fields.get('device-uri', '')).replace('hpfax:', 'hp:')
+        result_code = self.__checkdevice(device_uri)
+        if result_code != ERROR_SUCCESS:
+            return
+
         log.debug("Device URI: %s" % device_uri)
 
         error_string_short = device.queryString(str(event_code), 0)
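Review bot: The new code no longer converts PJL error codes and changes the `event-code` default from `STATUS_PRINTER_IDLE` to `0`, which goes beyond type coercion: values above `EVENT_MAX_EVENT` now reach `device.queryString(str(event_code), 0)` unmapped. If that is not intended, keep the mapping after the `int()` coercion, `if event_code > EVENT_MAX_EVENT: event_code = status.MapPJLErrorCode(event_code)`, and use `STATUS_PRINTER_IDLE` as the fallback value. The early `return` after `__checkdevice` is also silent; a `log.debug("Event for unknown device %r dropped" % device_uri)` would make rejected events traceable. handle_event continues outside the hunk.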
@@ -476,7 +493,10 @@ class hpssd_handler(dispatcher):
 
         no_fwd = utils.to_bool(self.fields.get('no-fwd', '0'))
         log.debug("Username (jobid): %s (%d)" % (username, job_id))
-        retry_timeout = self.fields.get('retry-timeout', 0)
+        try:
+            retry_timeout = int (self.fields.get('retry-timeout', 0))
+        except ValueError:
+            retry_timeout = 0
         user_alerts = alerts.get(username, {})        
 
         dup_event = False
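Review bot: `log.debug("Username (jobid): %s (%d)" % (username, job_id))` formats `job_id` with `%d`, but `username` and `job_id` are assigned outside this hunk and no hunk in the patch shows them being coerced in handle_event. If they are still read raw from `self.fields`, a non-numeric `job-id` raises TypeError on this line before `retry_timeout` is parsed. It is worth confirming that the assignment above uses the same `str (...)` / `int (...)` coercion as the other handlers, since `username` also selects the entry in `alerts.get(username, {})`.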
@@ -594,7 +614,7 @@ USAGE = [(__doc__, "", "name", True),
          ("Usage: hpssd.py [OPTIONS]", "", "summary", True),
          utils.USAGE_OPTIONS,
          ("Do not daemonize:", "-x", "option", False),
-         ("Port to listen on:", "-p<port> or --port=<port> (overrides value in /etc/hp/hplip.conf)", "option", False),
+         ("Port to listen on:", "-p<port> or --port=<port> (overrides value in ${SYSCONFDIR}/hp/hplip.conf)", "option", False),
          utils.USAGE_LOGGING1, utils.USAGE_LOGGING2,
          ("Run in debug mode:", "-g (same as options: -ldebug -x)", "option", False),
          utils.USAGE_HELP,
