Contents of /updates/1/hplip/current/SOURCES/hplip-CVE-2013-0200.patch

Revision 399969 - (show annotations) (download)
Fri Feb 22 17:21:27 2013 UTC (8 years, 5 months ago) by luigiwalser
File size: 3958 byte(s)
rediff patch from redhat to fix CVE-2013-0200
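diff -up hplip-3.12.4/prnt/hpcups/HPCupsFilter.cpp.CVE-2013-0200 hplip-3.12.4/prnt/hpcups/HPCupsFilter.cpp
--- hplip-3.12.4/prnt/hpcups/HPCupsFilter.cpp.CVE-2013-0200 2013-01-22 10:57:13.651460928 +0000
+++ hplip-3.12.4/prnt/hpcups/HPCupsFilter.cpp 2013-01-22 10:57:34.087541538 +0000
@@ -637,19 +637,22 @@ int HPCupsFilter::processRasterData(cups
 {
 char szFileName[32];
 memset(szFileName, 0, sizeof(szFileName));
- snprintf (szFileName, sizeof(szFileName), "/tmp/hpcupsfilterc_%d.bmp", current_page_number);
+ snprintf (szFileName, sizeof(szFileName), "/tmp/hpcupsfilterc_%d.bmp.XXXXXX", current_page_number);
 if (cups_header.cupsColorSpace == CUPS_CSPACE_RGBW ||
 cups_header.cupsColorSpace == CUPS_CSPACE_RGB)
 {
- cfp = fopen (szFileName, "w");
- chmod (szFileName, S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH);
+ int fd = mkstemp (szFileName);
+ if (fd != -1)
+ cfp = fdopen (fd, "w");
 }
 if (cups_header.cupsColorSpace == CUPS_CSPACE_RGBW ||
 cups_header.cupsColorSpace == CUPS_CSPACE_K)
 {
- szFileName[17] = 'k';
- kfp = fopen (szFileName, "w");
- chmod (szFileName, S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH);
+ int fd;
+ snprintf (szFileName, sizeof(szFileName), "/tmp/hpcupsfilterk_%d.bmp.XXXXXX", current_page_number);
+ fd = mkstemp (szFileName);
+ if (fd != -1)
+ kfp = fdopen (fd, "w");
 }
 dbglog("9......\n");
 WriteBMPHeader (cfp, cups_header.cupsWidth, cups_header.cupsHeight, COLOR_RASTER);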
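Review bot: The 32-byte `szFileName` is too small for the new templates: `/tmp/hpcupsfilterc_%d.bmp.XXXXXX` is already 30 characters before the page number is formatted, so from page 10 on `snprintf` cuts into the trailing `XXXXXX` and `mkstemp` rejects the template with EINVAL. In that case `cfp`/`kfp` are never assigned in this block, yet the `WriteBMPHeader (cfp, ...)` call at the end of the hunk still runs; whether they start out NULL is not visible here. Enlarging the buffer, `char szFileName[64];`, keeps the template intact for any `int` page number. Separately, when `fdopen` fails the descriptor returned by `mkstemp` is leaked, here and in the SystemServices.cpp, hpijs.cpp and hppsfilter.c sections; a `close (fd);` on that path would cover it. The body of processRasterData starts and continues outside the hunk.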
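diff -up hplip-3.12.4/prnt/hpcups/SystemServices.cpp.CVE-2013-0200 hplip-3.12.4/prnt/hpcups/SystemServices.cpp
--- hplip-3.12.4/prnt/hpcups/SystemServices.cpp.CVE-2013-0200 2012-04-10 09:32:37.000000000 +0100
+++ hplip-3.12.4/prnt/hpcups/SystemServices.cpp 2013-01-22 10:57:34.088541545 +0000
@@ -36,10 +36,12 @@ SystemServices::SystemServices(int iLogL
 m_fp = NULL;
 if (iLogLevel & SAVE_PCL_FILE)
 {
+ int fd;
 char fname[32];
- sprintf(fname, "/tmp/hpcups_job%d.out", job_id);
- m_fp = fopen(fname, "w");
- chmod(fname, S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH);
+ sprintf(fname, "/tmp/hpcups_job%d.out.XXXXXX", job_id);
+ fd = mkstemp (fname);
+ if (fd != -1)
+ m_fp = fdopen(fd, "w");
 }
 }
 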
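Review bot: `sprintf` into `char fname[32]` can now overrun the buffer: the template `/tmp/hpcups_job%d.out.XXXXXX` takes 26 characters plus the terminator, leaving room for only five characters of `job_id`, where the old name left room for twelve. A six-digit job id therefore writes past the end of `fname` on the stack whenever `SAVE_PCL_FILE` logging is enabled. Suggested change: `char fname[64];` and `snprintf(fname, sizeof(fname), "/tmp/hpcups_job%d.out.XXXXXX", job_id);`. The hpijs.cpp and hppsfilter.c sections append the same seven characters to an unbounded `sprintf`; `FILE_NAME_SIZE` and `DBG_PSFILE` are defined outside this patch, so the margin left in hppsfilter.c should be checked as well.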
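diff -up hplip-3.12.4/prnt/hpijs/hpijs.cpp.CVE-2013-0200 hplip-3.12.4/prnt/hpijs/hpijs.cpp
--- hplip-3.12.4/prnt/hpijs/hpijs.cpp.CVE-2013-0200 2013-01-22 10:57:12.219455275 +0000
+++ hplip-3.12.4/prnt/hpijs/hpijs.cpp 2013-01-22 10:57:34.089541549 +0000
@@ -96,13 +96,12 @@ void setLogLevel(UXServices *pSS)
 
 if (pSS->m_iLogLevel & SAVE_PCL_FILE)
 {
+ int fd;
 char szFileName[32];
- sprintf (szFileName, "/tmp/hpijs_%d.out", getpid());
- pSS->outfp = fopen (szFileName, "w");
- if (pSS->outfp)
- {
- chmod (szFileName, S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH);
- }
+ sprintf (szFileName, "/tmp/hpijs_%d.out.XXXXXX", getpid());
+ fd = mkstemp (szFileName);
+ if (fd != -1)
+ pSS->outfp = fdopen (fd, "w");
 }
 }
 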
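Review bot: Nothing in this block records why `mkstemp` replaced `fopen`, so a later cleanup could fold it back into `fopen` on a fixed `/tmp` name and reintroduce the issue. A comment above the call would cover it: `/* mkstemp(): unpredictable suffix, O_EXCL create, mode 0600 - do not replace with fopen() on a fixed /tmp path (CVE-2013-0200) */`. It also tells anyone collecting these dumps that the file name now carries a random suffix and is no longer group/world readable, as the removed `chmod` made it. The same comment fits the other three call sites in this patch.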
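diff -up hplip-3.12.4/prnt/hpps/hppsfilter.c.CVE-2013-0200 hplip-3.12.4/prnt/hpps/hppsfilter.c
--- hplip-3.12.4/prnt/hpps/hppsfilter.c.CVE-2013-0200 2012-04-10 09:32:37.000000000 +0100
+++ hplip-3.12.4/prnt/hpps/hppsfilter.c 2013-01-22 10:57:34.089541549 +0000
@@ -92,10 +92,12 @@ void open_dbg_outfile(char* szjob_id)
 g_fp_outdbgps = NULL;
 if (g_savepsfile & SAVE_PS_FILE)
 {
+ int fd;
 char sfile_name[FILE_NAME_SIZE] = {0};
- sprintf(sfile_name, DBG_PSFILE, szjob_id);
- g_fp_outdbgps= fopen(sfile_name, "w");
- chmod(sfile_name, S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH);
+ sprintf(sfile_name, DBG_PSFILE ".XXXXXX", szjob_id);
+ fd = mkstemp (sfile_name);
+ if (fd != -1)
+ g_fp_outdbgps = fdopen(fd, "w");
 }
 }
 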
