Applied patch to fix CVE-2010-4267, remote stack overflow vulnerability (bug #670252).

hplip-CVE-2010-4267.patch

@@ -0,0 +1,12 @@
+diff -up hplip-3.10.9/io/hpmud/pml.c.CVE-2010-4267 hplip-3.10.9/io/hpmud/pml.c
+--- hplip-3.10.9/io/hpmud/pml.c.CVE-2010-4267	2010-09-26 18:07:25.000000000 +0100
++++ hplip-3.10.9/io/hpmud/pml.c	2011-01-17 17:21:26.018127900 +0000
+@@ -504,6 +504,8 @@ enum HPMUD_RESULT hpmud_get_pml(HPMUD_DE
+       p += 2;                               /* eat type and length */
+    }
+    
++   if (dLen > buf_size)
++      dLen = buf_size;
+    memcpy(buf, p, dLen);
+    *bytes_read = dLen; 
+    *type = dt;

hplip.spec

@@ -1,7 +1,7 @@
 Summary: HP Linux Imaging and Printing Project
 Name: hplip
 Version: 3.10.9
-Release: 13%{?dist}
+Release: 14%{?dist}
 License: GPLv2+ and MIT
 Group: System Environment/Daemons
 Conflicts: system-config-printer < 0.6.132
@@ -49,6 +49,7 @@ Patch32: hplip-newline.patch
 Patch33: hplip-dbus-threads.patch
 Patch34: hplip-notification-exception.patch
 Patch35: hplip-cups-web.patch
+Patch36: hplip-CVE-2010-4267.patch
 
 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 
@@ -297,6 +298,10 @@ done
 # Fixed "CUPS Web Interface" button (bug #633899).
 %patch35 -p1 -b .cups-web
 
+# Applied patch to fix CVE-2010-4267, remote stack overflow
+# vulnerability (bug #670252).
+%patch36 -p1 -b .CVE-2010-4267
+
 sed -i.duplex-constraints \
     -e 's,\(UIConstraints.* \*Duplex\),//\1,' \
     prnt/drv/hpcups.drv.in
@@ -524,6 +529,10 @@ fi
 %postun libs -p /sbin/ldconfig
 
 %changelog
+* Mon Jan 17 2011 Tim Waugh <twaugh@redhat.com> - 3.10.9-14
+- Applied patch to fix CVE-2010-4267, remote stack overflow
+  vulnerability (bug #670252).
+
 * Wed Jan 12 2011 Tim Waugh <twaugh@redhat.com> - 3.10.9-13
 - Removed unused hpcac filter to avoid unnecessary perl dependency.