[cups.general] CUPS- HTTP Content-Length issue
Michael R Sweet
msweet at apple.com
Mon Apr 7 12:32:11 PDT 2008
rahulmode wrote:
>> rahulmode wrote:
>>> I noticed that in CUPS1.1.23, when I connect to the server using
>>>
>>> # nc 10.10.220.231 631
>>> POST /printers/printer/ HTTP/1.1
>>> Content-Length:
>>>
>>>
>>> \n
>>> \n
>>>
>>>
>>>
>>>
>>> --------------------------------
>>>
>>> It's clear from the source code that, it waits for 2147483647 Number of Bytes !!!!! This may result in possible DOS.
>>>
>>> Regarding this issue, I got no info on the forums!
>>> So please, can someone tell why is this issue not handled ..
>>> is this a feature? if yes how ??
>> Well, first you might test with a newer release - 1.1.23 is very
>> old. If the same problem occurs with 1.3.7, please file a bug
>> report:
>>
>> http://www.cups.org/str.php
>>
>> Second, there are a lot of ways to do Denial-of-Service attacks on
>> any network service, and adding a length check for Content-Length
>> won't prevent them...
>>
>> --
>> ______________________________________________________________________
>> Michael Sweet, Easy Software Products mike at easysw dot com
>
>
>
> I checked the same .. on CUPS-1.3.7 where again the problem is reproducible.
>
> FILED the BUG !! ( STR #2787 )
> It's a security issue related to CUPS ( all versions )
Thanks for the bug report.
Again, we don't consider this type of issue a security risk, since
even with the added error checking it is possible to induce the kind
of denial-of-service attack you envision.
--
______________________________________________________________________
Michael R Sweet Senior Printing System Engineer
More information about the cups
mailing list