[cups.bugs] [MOD] STR #1274: long cookie strings will cause "bad request" failures

Kees Cook kees at outflux.net
Sun Sep 18 13:22:47 PDT 2005


[STR New]

I have several services living on a single host name.  One of them sets a
very long cookie string.  When I take my browser to the CUPS admin
interface on port 631, I always get "400 Bad Request".  This only happens
when the very long cookie is sent.  (For example, dropping the cookie let
CUPS respond again, and using curl, lynx, etc., which didn't have the cookie,
let it work again.)

For an example of a valid HTTP cookie header that breaks it:

Cookie:
COMIC_PREFS=YTo0OTp7czo5OiJHZXQgRnV6enkiO2k6MTtzOjc6IkRpbGJlcnQiO2k6MTtzOjc6IkZveFRyb3QiO2k6MTtzOjQ6IlppdHMiO2k6MTtzOjU6Ik11dHRzIjtpOjE7czoxMjoiV29ya2luZyBEYXplIjtpOjE7czoxMToiUGVubnlBcmNhZGUiO2k6MTtzOjEzOiJVc2VyIEZyaWVuZGx5IjtpOjE7czo3OiJCaXphcnJvIjtpOjE7czoxNzoiVGhpcyBNb2Rlcm4gV29ybGQiO2k6MTtzOjY6IjkgdG8gNSI7aToxO3M6MTE6IkFkYW0gQCBIb21lIjtpOjA7czoxNToiQW5pbWFsIENyYWNrZXJzIjtpOjA7czo0OiJCLkMuIjtpOjA7czoxMDoiQmFieSBCbHVlcyI7aTowO3M6MTM6IkJlZXRsZSBCYWlsZXkiO2k6MDtzOjc6IkJsb25kaWUiO2k6MDtzOjk6IkJvb25kb2NrcyI7aTowO3M6MTE6IkJyb29tIEhpbGRhIjtpOjA7czoxNzoiQ2FsdmluIGFuZCBIb2JiZXMiO2k6MDtzOjEzOiJDbG9zZSB0byBIb21lIjtpOjA7czoxMDoiRG9vbmVzYnVyeSI7aTowO3M6MjM6IkZvciBCZXR0ZXIgb3IgRm9yIFdvcnNlIjtpOjA7czoxNjoiRnVua3kgV2lua2VyYmVhbiI7aTowO3M6ODoiR2FyZmllbGQiO2k6MDtzOjEyOiJHcmFuZCBBdmVudWUiO2k6MDtzOjE4OiJIYWdhciB0aGUgSG9ycmlibGUiO2k6MDtzOjEwOiJIZWF0aGNsaWZmIjtpOjA7czoxMToiSGkgYW5kIExvaXMiO2k6MDtzOjU6IkphbWVzIjtpOjA7czoxMDoiSnVtcCBTdGFydCI7aTowO3M6MTI6Ik1pc3RlciBCb2ZmbyI7aTowO3M6MTE6Ik1peGVkIE1lZGlhIjtpOjA7czoyMDoiTW90aGVyIEdvb3NlICYgR3JpbW0iO2k6MDtzOjEyOiJOb24gU2VxdWl0dXIiO2k6MDtzOjIwOiJPdXQgb2YgdGhlIEdlbmUgUG9vbCI7aTowO3M6MTQ6Ik92ZXIgdGhlIEhlZGdlIjtpOjA7czoxNjoiUGVhbnV0cyAocmVydW5zKSI7aTowO3M6MzoiUHZQIjtpOjA7czoxMjoiUm9zZSBJcyBSb3NlIjtpOjA7czo0OiJTaG9lIjtpOjA7czoxMDoiU3RvbmUgU291cCI7aTowO3M6NjoiU3lsdmlhIjtpOjA7czoxNzoiVGhlIEZhbWlseSBDaXJjdXMiO2k6MDtzOjEzOiJUaGUgTG9ja2hvcm5zIjtpOjA7czoxNjoiVG9wIG9mIHRoZSBXb3JsZCI7aTowO3M6MTQ6IldpbGx5ICduIEV0aGVsIjtpOjA7czoxMjoiV2l6YXJkIG9mIElkIjtpOjA7czo1OiJaaWdneSI7aTowO30%3D

Link: http://www.cups.org/str.php?L1274
Version: 1.1.23




