File hpmud-sanitize-printer-serial-number.patch of Package hplip.36488

From f146a913a0137c67cf1936721ef97cd29dc1d2b0 Mon Sep 17 00:00:00 2001
From: Martin Wilck <mwilck@suse.com>
Date: Mon, 18 Nov 2024 16:59:10 +0100
Subject: [PATCH] hpmud: sanitize printer serial number

hplip upstream patch for bsc#1209401 [1]
introduced by hplip-3.24.4.tar.gz [2]

[1] https://bugzilla.suse.com/show_bug.cgi?id=1209401
[2] https://sourceforge.net/projects/hplip/files/hplip/3.24.4/
---
 io/hpmud/hpmud.c | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/io/hpmud/hpmud.c b/io/hpmud/hpmud.c
index 5977d7d..2d914dc 100644
--- a/io/hpmud/hpmud.c
+++ b/io/hpmud/hpmud.c
@@ -158,7 +158,15 @@ int __attribute__ ((visibility ("hidden"))) generalize_serial(const char *sz, ch
    for (i--; buf[i] == ' ' && i > 0; i--);  /* eat trailing white space */
 
    buf[++i] = 0;
-
+   /*sanitize the serial number. RFC-3986 Valid Serial number character set: [A-Za-z0-9_-]*/
+   for (i=0; i < bufSize && buf[i]; i++) 
+   {
+      if ( !(isalnum(buf[i]) || buf[i] == '-' || buf[i] == '_' ) ) 
+      {
+         DBG("Found invalid character %s in device serial number \n",buf[i]);
+         buf[i] = '\0';
+      }
+   }
    return i;   /* length does not include zero termination */
 }
 
-- 
2.47.0