File foomatic-rip-hplip-3.11.5.CVE-2004-0801.CVE-2011-2697.patch of Package hplip.236
--- prnt/hpijs/foomatic-rip-hplip.orig 2011-05-09 03:00:51.000000000 +0200
+++ prnt/hpijs/foomatic-rip-hplip 2011-08-09 13:24:46.000000000 +0200
@@ -5,7 +5,7 @@ use strict;
use POSIX;
use Cwd;
-my $ripversion='$Revision=3.0.2.131$';
+my $ripversion='$Revision$';
#'# Fix emacs syntax highlighting
# foomatic-rip is a spooler-independent filter script which takes
@@ -134,6 +134,15 @@ my $logfile = "/tmp/foomatic-rip";
# USA.
#
+# strip out dangerous \x01 chars in arguments to avoid a security hole in cups.
+for (my $i=0; $i<=$#ARGV; $i++)
+{
+ if (defined($ARGV[$i]))
+ {
+ $ARGV[$i] =~ s/\001//g;
+ }
+}
+
my $added_lf = "\n";
# Flush everything immediately.
@@ -404,10 +413,6 @@ if (defined($ENV{'LPOPTS'})) {
$spooler = 'gnulpr';
}
-
-
-## Named command line options
-
# We do not use Getopt::Long because it does not work when between the
# option and the argument is no space ("-w80" instead of "-w 80"). This
# happens in the command line of LPRng, but also users could type in
@@ -425,138 +430,178 @@ if (defined($ENV{'LPOPTS'})) {
my $argstr = "\x01" .
join("\x01", map { removeunprintables($_) } @ARGV) . "\x01";
-# Version check
-if ($argstr =~ /^\x01-(h|v|-help|-version)\x01$/i) {
- my $ver;
- if ($ripversion =~ /^\$Revision=(.*)\$$/) {
- $ver = $1;
- } else {
- $ver = "Unknown";
+my ($verbose, $quiet, $show_docs, $do_docs, $cupscolorprofile, $genpdqfile);
+
+## Named command line options
+
+# CUPS calls foomatic-rip only with 5 or 6 positional parameters,
+# not with named options, like for example "-p <string>". Also PPR
+# does not used named options.
+if (($spooler ne 'cups') && ($spooler ne 'ppr') && ($spooler ne 'ppr_int')) {
+
+ # Version check
+ if ($argstr =~ /^\x01-(h|v|-help|-version)\x01$/i) {
+ my $ver;
+ if ($ripversion =~ /^\$Revision=(.*)\$$/) {
+ $ver = $1;
+ } else {
+ $ver = "Unknown";
+ }
+ print "foomatic-rip revision $ver\n";
+ print "\"man foomatic-rip\" for help.\n";
+ exit 0;
}
- print "foomatic-rip revision $ver\n";
- print "\"man foomatic-rip\" for help.\n";
- exit 0;
-}
-# Debug mode activated via command line
-if ($argstr =~ s/\x01--debug\x01/\x01/) {
- $debug = 1;
-}
+ # Debug mode activated via command line
+ if ($argstr =~ s/\x01--debug\x01/\x01/) {
+ $debug = 1;
+ }
-# Command line options for verbosity
-my $verbose = ($argstr =~ s/\x01-v\x01/\x01/);
-my $quiet = ($argstr =~ s/\x01-q\x01/\x01/);
-my $show_docs = ($argstr =~ s/\x01-d\x01/\x01/);
-my $do_docs;
-my $cupscolorprofile;
+ # Command line options for verbosity
+ $verbose = ($argstr =~ s/\x01-v\x01/\x01/);
+ $quiet = ($argstr =~ s/\x01-q\x01/\x01/);
+ $show_docs = ($argstr =~ s/\x01-d\x01/\x01/);
-if ($debug) {
- # Grotesquely unsecure; use for debugging only
- open LOG, "> ${logfile}.log";
- $logh = *LOG;
+ if ($debug) {
+ # Grotesquely unsecure; use for debugging only
+ open LOG, "> ${logfile}.log";
+ $logh = *LOG;
- use IO::Handle;
- $logh->autoflush(1);
-} elsif (($quiet) && (!$verbose)) {
- # Quiet mode, do not log
- open LOG, "> /dev/null";
- $logh = *LOG;
+ use IO::Handle;
+ $logh->autoflush(1);
+ } elsif (($quiet) && (!$verbose)) {
+ # Quiet mode, do not log
+ open LOG, "> /dev/null";
+ $logh = *LOG;
- use IO::Handle;
- $logh->autoflush(1);
-} else {
- # Default: log to STDERR
- $logh=*STDERR;
-}
+ use IO::Handle;
+ $logh->autoflush(1);
+ } else {
+ # Default: log to STDERR
+ $logh=*STDERR;
+ }
-## Start debug logging
-if ($debug) {
- # If we are not in debug mode, we do this later, as we must find out at
- # first which spooler is used. When printing without spooler we
- # suppress logging because foomatic-rip is called directly on the
- # command line and so we avoid logging onto the console.
- print $logh "foomatic-rip version $ripversion running...\n";
- # Print the command line only in debug mode, Mac OS X adds very many
- # options so that CUPS cannot handle the output of the command line
- # in its log files. If CUPS encounters a line with more than 1024
- # characters sent into its log files, it aborts the job with an error.
- if (($debug) || ($spooler ne 'cups')) {
- print $logh "called with arguments: '", join("', '",@ARGV), "'\n";
+ ## Start debug logging
+ if ($debug) {
+ # If we are not in debug mode, we do this later, as we must find out at
+ # first which spooler is used. When printing without spooler we
+ # suppress logging because foomatic-rip is called directly on the
+ # command line and so we avoid logging onto the console.
+ print $logh "foomatic-rip version $ripversion running...\n";
+ # Print the command line only in debug mode, Mac OS X adds very many
+ # options so that CUPS cannot handle the output of the command line
+ # in its log files. If CUPS encounters a line with more than 1024
+ # characters sent into its log files, it aborts the job with an error.
+ if (($debug) || ($spooler ne 'cups')) {
+ print $logh "called with arguments: '", join("', '",@ARGV), "'\n";
+ }
}
-}
-## Continue with named options
+ ## Continue with named options
-# Check for LPRng first so we do not pick up bogus ppd files by the -p option
-if ($argstr =~ s/\x01--lprng\x01/\x01/) {
- # We have LPRng
- $spooler = 'lprng';
-}
-# 'PRINTCAP_ENTRY' environment variable is : LPRng
-# the :ppd=/path/to/ppdfile printcap entry should be used
-if (defined($ENV{'PRINTCAP_ENTRY'})){
+ # Check for LPRng first so we do not pick up bogus ppd files by the -p
+ # option
+ if ($argstr =~ s/\x01--lprng\x01/\x01/) {
+ # We have LPRng
+ $spooler = 'lprng';
+ }
+ # 'PRINTCAP_ENTRY' environment variable is : LPRng
+ # the :ppd=/path/to/ppdfile printcap entry should be used
+ if (defined($ENV{'PRINTCAP_ENTRY'})){
$spooler = 'lprng';
my( @pc);
@pc = split( /\s*:\s*/, $ENV{'PRINTCAP_ENTRY'} );
shift @pc;
foreach (@pc) {
- if( /^ppd=(.*)$/ or /^ppdfile=(.*)$/ ){
- $ppdfile = removespecialchars($1) if $1;
- }
+ if( /^ppd=(.*)$/ or /^ppdfile=(.*)$/ ){
+ $ppdfile = removespecialchars($1) if $1;
+ }
}
-} elsif ($argstr =~ s/\x01--lprng\x01/\x01/g) {
- # We have LPRng
- $spooler = 'lprng';
-}
+ } elsif ($argstr =~ s/\x01--lprng\x01/\x01/g) {
+ # We have LPRng
+ $spooler = 'lprng';
+ }
+ # Check for LPD/GNUlpr by typical options which the spooler puts onto
+ # the filter's command line (options "-w": text width, "-l": text
+ # length, "-i": indent, "-x", "-y": graphics size, "-c": raw printing,
+ # "-n": user name, "-h": host name)
+ if ($argstr =~ s/\x01-h(\x01|)([^\x01]+)\x01/\x01/) {
+ # We have LPD or GNUlpr
+ if (($spooler ne 'lpd') && ($spooler ne 'gnulpr') && ($spooler ne 'lprng')) {
+ $spooler = 'lpd';
+ }
+ $jobhost = $2;
+ }
+ if ($argstr =~ s/\x01-n(\x01|)([^\x01]+)\x01/\x01/) {
+ # We have LPD or GNUlpr
+ if (($spooler ne 'lpd') && ($spooler ne 'gnulpr') && ($spooler ne 'lprng')) {
+ $spooler = 'lpd';
+ }
+ $jobuser = $2;
+ }
+ if (($argstr =~ s/\x01-w(\x01|)\d+\x01/\x01/) ||
+ ($argstr =~ s/\x01-l(\x01|)\d+\x01/\x01/) ||
+ ($argstr =~ s/\x01-x(\x01|)\d+\x01/\x01/) ||
+ ($argstr =~ s/\x01-y(\x01|)\d+\x01/\x01/) ||
+ ($argstr =~ s/\x01-i(\x01|)\d+\x01/\x01/) ||
+ ($argstr =~ s/\x01-c\x01/\x01/)) {
+ # We have LPD or GNUlpr
+ if (($spooler ne 'lpd') && ($spooler ne 'gnulpr') && ($spooler ne 'lprng')) {
+ $spooler = 'lpd';
+ }
+ }
-# PPD file name given via the command line
-# allow duplicates, and use the last specified one
-while ( ($spooler ne 'lprng') and ($argstr =~ s/\x01-p(\x01|)([^\x01]+)\x01/\x01/)) {
- $ppdfile = $2;
-}
-while ($argstr =~ s/\x01--ppd(\x01|=|)([^\x01]+)\x01/\x01/) {
- $ppdfile = $2;
-}
+ # PPD file name given via the command line
+ # allow duplicates, and use the last specified one
+ if (($spooler ne 'lprng') && ($spooler ne 'lpd') && ($spooler ne 'gnulpr')){
+ while ($argstr =~ s/\x01-p(\x01|)([^\x01]+)\x01/\x01/) {
+ $ppdfile = $2;
+ }
+ while ($argstr =~ s/\x01--ppd(\x01|=|)([^\x01]+)\x01/\x01/) {
+ $ppdfile = $2;
+ }
+ }
-# Check for LPD/GNUlpr by typical options which the spooler puts onto
-# the filter's command line (options "-w": text width, "-l": text
-# length, "-i": indent, "-x", "-y": graphics size, "-c": raw printing,
-# "-n": user name, "-h": host name)
-if ($argstr =~ s/\x01-h(\x01|)([^\x01]+)\x01/\x01/) {
- # We have LPD or GNUlpr
- if (($spooler ne 'lpd') && ($spooler ne 'gnulpr') && ($spooler ne 'lprng')) {
- $spooler = 'lpd';
+ # LPRng delivers the option settings via the "-Z" argument
+ if ($argstr =~ s/\x01-Z(\x01|)([^\x01]+)\x01/\x01/) {
+ my @lpopts = split(/,/, $2);
+ foreach my $opt (@lpopts) {
+ $opt =~ s/^\s+//;
+ $opt =~ s/\s+$//;
+ $opt = removeshellescapes($opt);
+ if ($opt =~ /\s+/) {
+ $opt = "\"$opt\"";
+ }
+ $optstr .= "$opt ";
+ }
+ # We have LPRng
+ $spooler = 'lprng';
}
- $jobhost = $2;
-}
-if ($argstr =~ s/\x01-n(\x01|)([^\x01]+)\x01/\x01/) {
- # We have LPD or GNUlpr
- if (($spooler ne 'lpd') && ($spooler ne 'gnulpr') && ($spooler ne 'lprng')) {
- $spooler = 'lpd';
+
+ # Job title and options for stock LPD
+ if ($argstr =~ s/\x01-[jJ](\x01|)([^\x01]+)\x01/\x01/) {
+ # An LPD
+ $jobtitle = removeshellescapes($2);
+ # Classic LPD hack
+ if ($spooler eq "lpd") {
+ $optstr .= "$jobtitle ";
+ }
}
- $jobuser = $2;
-}
-if (($argstr =~ s/\x01-w(\x01|)\d+\x01/\x01/) ||
- ($argstr =~ s/\x01-l(\x01|)\d+\x01/\x01/) ||
- ($argstr =~ s/\x01-x(\x01|)\d+\x01/\x01/) ||
- ($argstr =~ s/\x01-y(\x01|)\d+\x01/\x01/) ||
- ($argstr =~ s/\x01-i(\x01|)\d+\x01/\x01/) ||
- ($argstr =~ s/\x01-c\x01/\x01/)) {
- # We have LPD or GNUlpr
- if (($spooler ne 'lpd') && ($spooler ne 'gnulpr') && ($spooler ne 'lprng')) {
- $spooler = 'lpd';
+
+ # Check for CPS
+ if ($argstr =~ s/\x01--cps\x01/\x01/) {
+ # We have cps
+ $spooler = 'cps';
}
-}
-# LPRng delivers the option settings via the "-Z" argument
-if ($argstr =~ s/\x01-Z(\x01|)([^\x01]+)\x01/\x01/) {
- my @lpopts = split(/,/, $2);
- foreach my $opt (@lpopts) {
+ # Options for spooler-less printing, CPS, or PDQ
+ while ($argstr =~ s/\x01-o(\x01|)([^\x01]+)\x01/\x01/) {
+ my $opt = $2;
$opt =~ s/^\s+//;
$opt =~ s/\s+$//;
$opt = removeshellescapes($opt);
@@ -564,80 +609,49 @@ if ($argstr =~ s/\x01-Z(\x01|)([^\x01]+)
$opt = "\"$opt\"";
}
$optstr .= "$opt ";
+ # If we don't print as a PPR RIP or as a CPS filter, we print without
+ # spooler (we check for PDQ later)
+ if (($spooler ne 'ppr') && ($spooler ne 'cps')) {
+ $spooler = 'direct';
+ }
}
- # We have LPRng
- $spooler = 'lprng';
-}
-
-# Job title and options for stock LPD
-if ($argstr =~ s/\x01-[jJ](\x01|)([^\x01]+)\x01/\x01/) {
- # An LPD
- $jobtitle = removeshellescapes($2);
- # Classic LPD hack
- if ($spooler eq "lpd") {
- $optstr .= "$jobtitle ";
- }
-}
-
-# Check for CPS
-if ($argstr =~ s/\x01--cps\x01/\x01/) {
- # We have cps
- $spooler = 'cps';
-}
-
-# Options for spooler-less printing, CPS, or PDQ
-while ($argstr =~ s/\x01-o(\x01|)([^\x01]+)\x01/\x01/) {
- my $opt = $2;
- $opt =~ s/^\s+//;
- $opt =~ s/\s+$//;
- $opt = removeshellescapes($opt);
- if ($opt =~ /\s+/) {
- $opt = "\"$opt\"";
- }
- $optstr .= "$opt ";
- # If we don't print as a PPR RIP or as a CPS filter, we print without
- # spooler (we check for PDQ later)
- if (($spooler ne 'ppr') && ($spooler ne 'cps')) {
- $spooler = 'direct';
- }
-}
-# Printer for spooler-less printing or PDQ
-if ($argstr =~ s/\x01-d(\x01|)([^\x01]+)\x01/\x01/) {
- $printer = removeshellescapes($2);
-}
-# Printer for spooler-less printing, PDQ, or LPRng
-if ($argstr =~ s/\x01-P(\x01|)([^\x01]+)\x01/\x01/) {
- $printer = removeshellescapes($2);
-}
-
-# Were we called from a PDQ wrapper?
-if ($argstr =~ s/\x01--pdq\x01/\x01/) {
- # We have PDQ
- $spooler = 'pdq';
-}
-
-# Were we called to build the PDQ driver declaration file?
-# "--appendpdq=<file>" appends the data to the <file>,
-# "--genpdq=<file>" creates/overwrites <file> for the data, and
-# "--genpdq" writes to standard output
-my $genpdqfile = "";
-if (($argstr =~ s/\x01--(gen)(raw|)pdq(\x01|=|)([^\x01]*)\x01/\x01/) ||
- ($argstr =~ s/\x01--(append)(raw|)pdq(\x01|=|)([^\x01]+)\x01/\x01/)) {
- # Determine output file name
- if (!$4) {
- $genpdqfile = ">&STDOUT";
- } else {
- if ($1 eq 'gen') {
- $genpdqfile = "> " . removeshellescapes($4);
+ # Printer for spooler-less printing or PDQ
+ if ($argstr =~ s/\x01-d(\x01|)([^\x01]+)\x01/\x01/) {
+ $printer = removeshellescapes($2);
+ }
+ # Printer for spooler-less printing, PDQ, or LPRng
+ if ($argstr =~ s/\x01-P(\x01|)([^\x01]+)\x01/\x01/) {
+ $printer = removeshellescapes($2);
+ }
+
+ # Were we called from a PDQ wrapper?
+ if ($argstr =~ s/\x01--pdq\x01/\x01/) {
+ # We have PDQ
+ $spooler = 'pdq';
+ }
+
+ # Were we called to build the PDQ driver declaration file?
+ # "--appendpdq=<file>" appends the data to the <file>,
+ # "--genpdq=<file>" creates/overwrites <file> for the data, and
+ # "--genpdq" writes to standard output
+ $genpdqfile = "";
+ if (($argstr =~ s/\x01--(gen)(raw|)pdq(\x01|=|)([^\x01]*)\x01/\x01/) ||
+ ($argstr =~ s/\x01--(append)(raw|)pdq(\x01|=|)([^\x01]+)\x01/\x01/)) {
+ # Determine output file name
+ if (!$4) {
+ $genpdqfile = ">&STDOUT";
} else {
- $genpdqfile = ">> " . removeshellescapes($4);
+ if ($1 eq 'gen') {
+ $genpdqfile = "> " . removeshellescapes($4);
+ } else {
+ $genpdqfile = ">> " . removeshellescapes($4);
+ }
}
- }
- # Do we want to have a PDQ driver declaration for a raw printer?
- if ($2 eq 'raw') {
- my $time = time();
- my @pdqfile =
+ # Do we want to have a PDQ driver declaration for a raw printer?
+ if ($2 eq 'raw') {
+ my $time = time();
+ my @pdqfile =
"driver \"Raw-Printer-$time\" {
# This PDQ driver declaration file was generated automatically by
# foomatic-rip to allow raw (filter-less) printing.
@@ -652,20 +666,22 @@ if (($argstr =~ s/\x01--(gen)(raw|)pdq(\
ln -s \$INPUT \$OUTPUT
}
}";
- open PDQFILE, $genpdqfile or
- rip_die("Cannot write PDQ driver declaration file",
- $EXIT_PRNERR_NORETRY_BAD_SETTINGS);
- print PDQFILE join('', @pdqfile);
- close PDQFILE;
- exit $EXIT_PRINTED;
+ open PDQFILE, $genpdqfile or
+ rip_die("Cannot write PDQ driver declaration file",
+ $EXIT_PRNERR_NORETRY_BAD_SETTINGS);
+ print PDQFILE join('', @pdqfile);
+ close PDQFILE;
+ exit $EXIT_PRINTED;
+ }
+ # We have PDQ
+ $spooler = 'pdq';
}
- # We have PDQ
- $spooler = 'pdq';
-}
-# remove extra spacing if running as LPRng filter
-$added_lf = "" if $spooler eq 'lprng';
+ # remove extra spacing if running as LPRng filter
+ $added_lf = "" if $spooler eq 'lprng';
+
+}
## Command line arguments without name
@@ -3251,9 +3267,9 @@ for $file (@filelist) {
# Insert PostScript option settings
# (options for section "PageSetup".
if ($isdscjob && !$pagesetupfound) {
- $line .=
+ $line =
makepagesetupsection($dat, $optionset,
- 1);
+ 1) . $line;
$pagesetupfound = 1;
}
}
@@ -3646,7 +3662,6 @@ sub getrendererhandle {
close KID3;
- $SIG{PIPE} = 'DEFAULT';
pipe KID4_IN, KID4;
KID4->autoflush(1);
$kid4 = fork();
@@ -3827,15 +3842,11 @@ sub getrendererhandle {
# When arrived here the renderer command line was successful
# So exit with zero exit value here and inform the main process
close KID_MESSAGE;
+ print KID_MESSAGE_IN "3 $EXIT_PRINTED\n";
+ close KID_MESSAGE_IN;
# Wait for postpipe/output child
waitpid($kid4, 0);
- if ($? != 0) {
- print KID_MESSAGE_IN "3 $EXIT_SIGNAL\n";
- } else {
- print KID_MESSAGE_IN "3 $EXIT_PRINTED\n";
- }
- close KID_MESSAGE_IN;
- print $logh "KID3 finished with $?\n";
+ print $logh "KID3 finished\n";
exit $EXIT_PRINTED;
} else {
$kidgeneration += 1;
@@ -4184,7 +4195,6 @@ sub getfileconverterhandle {
# converter
close KID1_IN;
- $SIG{PIPE} = 'DEFAULT';
pipe KID2_IN, KID2;
KID2->autoflush(1);
$kid2 = fork();
@@ -4656,7 +4666,6 @@ sub getdocgeneratorhandle {
# we are the kid; we generate the documentation page
close KID0_IN;
- $SIG{PIPE} = 'DEFAULT';
# Kill data on STDIN to satisfy PPR
if (($spooler eq 'ppr_int') || ($spooler eq 'ppr')) {
@@ -6717,7 +6726,6 @@ sub modern_system {
# will be members of this process group and so by killing this
# process group we can kill all subprocesses and so we can
# cleanly cancel print jobs
- $SIG{PIPE} = 'DEFAULT';
eval("setpgrp()");
# Stop catching signals
#use sigtrap qw(die normal-signals error-signals
