Public bug reported:

I did a grep in /usr/sbin for "python" and found hpssd. 
There is one function which just looks odd.

It is the following one:
# Qt4 only
def handle_hpdio_event(event, bytes_written):
    log.debug("Reading %d bytes from hpdio pipe..." % bytes_written)
    total_read, data = 0, ''

    while True:
        r, w, e = select.select([r3], [], [r3], 0.0)
        if not r: break

        x = os.read(r3, PIPE_BUF)
        if not x: break

        data = ''.join([data, x])
        total_read += len(x)

        if total_read == bytes_written: break

    log.debug("Read %d bytes" % total_read)

    if total_read == bytes_written:
        dq = loads(data)

        if check_device(event.device_uri) == ERROR_SUCCESS:
            devices[event.device_uri].dq = dq.copy()

            handle_event(device.Event(event.device_uri, '',
                dq.get('status-code', STATUS_PRINTER_IDLE), prop.username, 0, ''))

            send_toolbox_event(event, EVENT_DEVICE_UPDATE_REPLY)


At the top of this Python module it imported loads from cPickle
(from cPickle import loads, HIGHEST_PROTOCOL).
The function might get called if the event code is an
EVENT_DEVICE_UPDATE_REPLY [1].
The data that is loaded comes from r3, which is a global set in run() to be
read_pipe3
(the comment in the function definition of run() states the following about
read_pipe3: "read pipe from hpdio").

I am assuming that hpdio is the _physical_ hardware ... maybe it isn't
and the pickle loads call is on data which was dumped safely by a
trusted entity ?????


[1]
(see the function handle_event for the rest of the context regarding the
following code:
    elif event.event_code == EVENT_DEVICE_UPDATE_REPLY:
        bytes_written = int(more_args[1])
        handle_hpdio_event(event, bytes_written)
)

** Affects: hplip (Ubuntu)
     Importance: Undecided
         Status: New

https://bugs.launchpad.net/bugs/805363

Title:
  this just looks "sus"
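
A defensive sketch of the concern raised in the report above, added here as an example; it is not hplip code and not from the reporter. It assumes Python 3's pickle module rather than the cPickle import quoted in the report, and the names load_device_status, read_status_from_pipe, is_rejected, the "device-state" key and both payloads are hypothetical or constructed. It shows a pipe reader that still loads a plain status dict but refuses any stream that asks the unpickler to look up a module attribute:

```python
import io
import os
import pickle


class NoGlobalsUnpickler(pickle.Unpickler):
    """Refuse every class/function lookup requested by the pickle stream."""

    def find_class(self, module, name):
        # Dicts, lists, strings and numbers have their own opcodes and never
        # reach this method, so a plain status dict is unaffected.
        raise pickle.UnpicklingError("global %s.%s refused" % (module, name))


def load_device_status(data):
    """Hypothetical stand-in for the bare loads(data) call in the report."""
    dq = NoGlobalsUnpickler(io.BytesIO(data)).load()
    if not isinstance(dq, dict):
        raise pickle.UnpicklingError("expected dict, got %s" % type(dq).__name__)
    return dq


def read_status_from_pipe(payload):
    """Push payload through an os.pipe() and load it from the read end."""
    r, w = os.pipe()
    with os.fdopen(w, "wb") as wf:
        wf.write(payload)  # small constructed payload, fits the pipe buffer
    with os.fdopen(r, "rb") as rf:
        return load_device_status(rf.read())


def is_rejected(payload):
    """True when the restricted loader refuses the payload."""
    try:
        read_status_from_pipe(payload)
    except pickle.UnpicklingError:
        return True
    return False


# Constructed sample inputs (not captured from hpssd or hpdio).
STATUS_PAYLOAD = pickle.dumps({"status-code": 1000, "device-state": "idle"})
GLOBAL_PAYLOAD = pickle.dumps(len)  # stream that only names builtins.len
```

Whether the writer on the other end of the pipe is trusted is the open question in the report; a loader like this makes the answer matter less, and a format such as JSON removes the lookup mechanism altogether.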
