[cups.bugs] [LOW] STR #2459: Patch to allow comment chars in password fields
Daniel M. Lambea
dmlambea at gmail.com
Thu Jul 26 11:48:26 PDT 2007
Hello, Mike
I've received this email, but I don't know how to post a reply in the
web interface.
What I understand below is that '#' cannot be part of an URI, so it
must be escaped. The code I sent you is exactly for that purpose, I
mean, to escape the '#' chars by prepending a '\\' before it (and I
mean all of them until a comment is found).
I wrote the patch because in my work (the Town Hall), all printer's
passwords contain one or more '#' characters (e.g. 's@#mpl#e') and my
CUPS daemon interprets the first one as the comment beginning, so no
binding is possible. I need all '#' to be escaped for the printers to
work. I have currently two CUPS servers working with the patch
applied, v1.2.8 Ubuntu Feisty and v1.2.12 Debian Testing and both are
working fine.
A solution could be to remove the '#' from the passwords in the
Microsoft Active Directory, but security officers don't allow me to do
so.
My fix will work until one or both servers became upgraded, and then I
will need to get the sources again and apply the patch. I volunteer to
rewrite the patch for it to get accepted by you. This way I would not
need to re-patch all CUPS versions forever. May you give me some
directions on what to fix? Exactly what is wrong?
Many thanks in advance,
Daniel M. Lambea
On 7/26/07, Michael Sweet <mike at easysw.com> wrote:
>
> [STR Closed w/o Resolution]
>
> # is not a valid URI character in the username/password portion - it
> specifies a URI target and has special meaning. Per the spec, ALL #
> character MUST be escaped.
>
> Link: http://www.cups.org/str.php?L2459
> Version: 1.2.12
> Fix Version: Will Not Fix
More information about the cups
mailing list