Chunking read bug causes DoS #143
Comments
CUPS.org User: kenneth.choi

I got the debugger trace as follows:

Trial 1
Program received signal SIGINT, Interrupt.

Trial 2
Program received signal SIGINT, Interrupt.
#6 0x2ca38 in main ()

It seems that cupsd is looping in the ipp_read_http function, since I tried to step through the program using the "step" command. Also, I tried to capture the packets with Ethereal and found that the problem occurs only when I break the batch program just after it has sent the HTTP POST request but before the IPP request has been sent.

I think the problem is caused by ipp_read_http for the following reasons:

1.) In cups-1.1.18, it just has "if (http->used > 0)" in ipp_Read, but in 1.1.19 it has a second condition, "http->data_encoding == HTTP_ENCODE_LENGTH", which must also be met. Because we are using chunking, it will not enter this if-condition.

2.) Thus, it will run the next else-condition, which checks httpWait. Since the connection is already open (I can see an "unknown socket type" file opened through HP-UX glance), it will not break the for-loop.

3.) For the last else-if, httpRead may only return 0, not a negative value; since the condition is < 0, it will not break the for-loop either.

Since "bytes" is always zero in that case, it will loop forever in the for-loop. That causes the problem, and it explains why the problem only occurs with chunking: it always bypasses the first if-condition.
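The loop shape described in point 3 above, as an added example that is not CUPS code and not the attached patch: a fill loop that exits only on a negative read spins once the peer stops sending, while one that also exits on zero reports a short read. The names fake_conn_t, fake_read, fill_flawed, fill_checked and SPIN_LIMIT are hypothetical, and the input bytes are constructed.

```c
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for a connection (hypothetical, not a CUPS type):
 * serves `avail` bytes, then returns 0 on every later read. */
typedef struct { const char *data; size_t avail, pos; } fake_conn_t;

static int fake_read(fake_conn_t *c, char *buf, size_t len) {
    size_t left = c->avail - c->pos;
    size_t n = left < len ? left : len;
    memcpy(buf, c->data + c->pos, n);
    c->pos += n;
    return (int)n;                      /* 0 once the data is exhausted */
}

#define SPIN_LIMIT 1000                 /* demo guard so the flawed loop returns */

/* Flawed shape: only a negative return leaves the loop. Returns iterations
 * used, -2 on read error, or -1 at SPIN_LIMIT (it would otherwise never end). */
int fill_flawed(fake_conn_t *c, char *buf, size_t want) {
    size_t got = 0;
    int spins = 0;
    while (got < want) {
        int n = fake_read(c, buf + got, want - got);
        if (n < 0) return -2;
        got += (size_t)n;               /* n == 0 makes no progress */
        if (++spins >= SPIN_LIMIT) return -1;
    }
    return spins;
}

/* Checked shape: zero bytes also ends the loop; a short read returns -1. */
int fill_checked(fake_conn_t *c, char *buf, size_t want, size_t *got_out) {
    size_t got = 0;
    while (got < want) {
        int n = fake_read(c, buf + got, want - got);
        if (n <= 0) break;
        got += (size_t)n;
    }
    *got_out = got;
    return got == want ? 0 : -1;
}

int main(void) {
    char buf[8];
    size_t got = 0;
    fake_conn_t a = { "ABCD", 4, 0 }, b = { "ABCD", 4, 0 };  /* 4 of 8 bytes sent */
    int rc = fill_checked(&b, buf, sizeof buf, &got);
    printf("flawed=%d checked=%d got=%zu\n", fill_flawed(&a, buf, sizeof buf), rc, got);
    return 0;
}
```
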
CUPS.org User: mike

Opened CUPS STR to mirror bug filed against ESP Print Pro. Fix will be in 1.1.20 and 4.4.1...

CUPS.org User: kenneth.choi

How about the schedule for the release of cups-1.1.20 and PrintPro 4.4.1? Thanks

CUPS.org User: mike

1.1.20 and 4.4.1 will probably be released at the end of July.

CUPS.org User: mike

Fixed in CVS; see attached patch if you want to implement the fix against CUPS 1.1.19.
"str143.patch": Index: ipp.cRCS file: /development/cvs/cups/cups/ipp.c,v
Version: 1.1.19
CUPS.org User: kenneth.choi