Join GitHub today
GitHub is home to over 36 million developers working together to host and review code, manage projects, and build software together.Sign up
Infinite loop when not compiled with HAVE_GSSAPI #3518
If cups is compiled without HAVE_GSSAPI and is used with a server that requires authorization, the client gets into an infinite loop.
Without HAVE_GSSAPI there is no code in auth.c that tests the
The bug does not show unless the http input buffer is flushed after receiving a HTTP_UNAUTHORIZED, which is necessary to do. If that is not done, submission fails before getting into this loop.
--- cups/auth.c (revision 9014)
DEBUG_printf(("1cupsDoAuthentication: authstring="%s"", http->authstring));
CUPS.org User: thoger
Do you have any minimal reproducer that triggers this flaw? I presume the was requesting Negotiate authentication.
Reading the patch, I'm wondering if it does what it was intended to do. Based on the previous comments and article L596, it seems intention was to cancel even non-Negotiate authentication after 3 failures by moving "Too many authentication tries" error to a common code path. However, following precedes that check:
if ((http->digest_tries > 1 || !http->userpass) &&
which leads to password callback call for non-Negotiate authentications and reset of digest_tries counter. So instead of "Too many tries" error, there's another password prompt. Depending on the callback function, this may keep resending password to the server which replies with "unauthorized" without being cancelled as expected (?). Or was there some additional loop that did not involve active request-unauthorized network communication?
CUPS.org User: mike
The intent was to make sure that non-password authentication was not tried too many times. When password authentication is requested we'll keep retrying until the password callback returns NULL or the server returns a "forbidden" status.
--- cups/auth.c (revision 9016)
- http->status = HTTP_AUTHORIZATION_CANCELED;