tags 651204 +patch
thanks

Le mercredi, 30 mai 2012 11.47:05, Thijs Kinkhorst a écrit :
> Hi,
> 
> Wheezy and sid contain a patch for this issue. Squeeze seems still
> affected. Are you able to provide an updated package for squeeze?

Would the attached patch do the job for Squeeze?

OdyX
From: Till Kamppeter <till.kamppe...@gmail.com>
Date: Tue, 13 Dec 2011 20:54:26 +0100
Subject: Fix MITM via unencrypted metadata download

Adapted to Squeeze by Didier Raboud <o...@debian.org> on Tue Jul 24 10:09:16 CEST 2012.

Closes: #651204
---
 cupshelpers/openprinting.py |   35 +++++++++++++++++++++++------------
 1 files changed, 23 insertions(+), 12 deletions(-)

--- a/cupshelpers/openprinting.py
+++ b/cupshelpers/openprinting.py
@@ -19,7 +19,7 @@
 ## along with this program; if not, write to the Free Software
 ## Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
 
-import urllib, httplib, platform, threading, tempfile, traceback
+import pycurl,urllib, httplib, platform, threading, tempfile, traceback
 import os, sys
 from xml.etree.ElementTree import XML
 from . import Device
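Review bot: `pycurl` becomes an import-time dependency of cupshelpers on this line, while the diffstat lists only openprinting.py. The Squeeze package would presumably also need a dependency on the pycurl binding (python-pycurl) in its control file, otherwise the module fails with ImportError where it is not installed. `httplib` looks unused by the rewritten run() and could be dropped here if nothing else in the file needs it. A space after the first comma (`import pycurl, urllib, httplib, ...`) would match the rest of the line.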
@@ -42,10 +42,18 @@
         self.parameters = parameters
         self.callback = callback
         self.user_data = user_data
+        self.result = ""
 
         self.setDaemon (True)
 
     def run (self):
+
+        # Callback function for pycURL collecting the data coming from
+        # the web server
+        def collect_data(result):
+            self.result += result;
+            return len(result)
+
         # CGI script to be executed
         query_command = "/query.cgi"
         # Headers for the post request
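Review bot: `collect_data` appends every chunk to `self.result` with no upper bound, so the remote end alone decides how large the in-memory buffer gets. A cheap safeguard is `if len(self.result) + len(result) > MAX_RESPONSE_BYTES: return 0` ahead of the append, where MAX_RESPONSE_BYTES is a placeholder name for a new module constant. A return value other than the chunk length makes libcurl abort the transfer. The trailing `;` after `self.result += result` is not needed in Python. run() continues past the end of this hunk.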
@@ -55,26 +63,26 @@
                   (urllib.urlencode (self.parameters),
                    self.parent.language[0],
                    self.parent.language[0]))
-        self.url = "http://%s%s?%s"; % (self.parent.base_url, query_command, params)
+        self.url = "https://%s%s?%s"; % (self.parent.base_url, query_command, params)
         # Send request
-        result = None
+        self.result = ""
         status = 1
         try:
-            conn = httplib.HTTPConnection(self.parent.base_url)
-            conn.request("POST", query_command, params, headers)
-            resp = conn.getresponse()
-            status = resp.status
-            if status == 200:
-                result = resp.read()
-            conn.close()
+            curl = pycurl.Curl()
+            curl.setopt(pycurl.SSL_VERIFYPEER, 1)
+            curl.setopt(pycurl.SSL_VERIFYHOST, 2)
+            curl.setopt(pycurl.WRITEFUNCTION, collect_data)
+            curl.setopt(pycurl.URL, self.url)
+            status = curl.perform()
+            if status == None: status = 0
+            if (status != 0):
+                self.result = sys.exc_info ()
         except:
-            result = sys.exc_info ()
-
-        if status == 200:
-            status = 0
+            self.result = sys.exc_info ()
+            if status == None: status = 0
 
         if self.callback != None:
-            self.callback (status, self.user_data, result)
+            self.callback (status, self.user_data, self.result)
 
 class OpenPrinting:
     def __init__(self, language=None):
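Review bot: The HTTP status check is lost in the rewritten request block of run(), which begins before this hunk. The old code treated only a 200 response as success, whereas `curl.perform()` completes normally on a 4xx/5xx reply, so an error page body would reach the callback with status 0. Adding `curl.setopt(pycurl.FAILONERROR, 1)` before `perform()`, or checking `curl.getinfo(pycurl.HTTP_CODE)` afterwards, restores that behaviour. pycurl signals transfer failures by raising `pycurl.error` rather than through a return value, so the `if (status != 0):` branch and the `if status == None: status = 0` line inside `except:` look unreachable and could be removed. The handle is also never released where the old code called `conn.close()`; a `curl.close()` after the transfer would match.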

Attachment: signature.asc
Description: This is a digitally signed message part.
