[cups.bugs] [LOW] STR #2856: arbitrarily limits username/password to 32 characters
martin.pitt.canonical
martin.pitt at canonical.com
Tue Jun 10 13:27:59 PDT 2008
DO NOT REPLY TO THIS MESSAGE. INSTEAD, POST ANY RESPONSES TO THE LINK BELOW.
[STR New]
http://bugs.debian.org/344898 reported that cups limits usernames and
passwords to 32 characters. Passwords can realistically be longer than
that, though.
I checked the code, this is defined in cupsd_authdata_t
(./scheduler/auth.c, private) and cupsd_client_{s,t}
(./scheduler/client.h, private). The only place where the 32 is publicly
exposed in the library API is cups/http.h:
extern char *httpMD5(const char *, const char *, const char *,
char [33]);
extern char *httpMD5Final(const char *, const char *, const
char *, char [33]);
extern char *httpMD5String(const unsigned char *, char [33]);
However, changing this to char[256] or even just char* won't change the
ABI, since all of them are passed identically in C. It might change the
API (depending on how picky the compiler is wrt. array length
comparisons), but that shouldn't hurt too much?
Would you consider raising the maximum length, to e. g. 256?
Link: http://www.cups.org/str.php?L2856
Version: 1.3.7
More information about the cups-devel
mailing list