[cups.bugs] [MOD] STR #3518: Infinite loop when not compiled with HAVE_GSSAPI

Tomas Hoger thoger at redhat.com
Tue Aug 17 11:08:59 PDT 2010


DO NOT REPLY TO THIS MESSAGE.  INSTEAD, POST ANY RESPONSES TO THE LINK BELOW.

[STR Closed w/Resolution]

Do you have any minimal reproducer that triggers this flaw?  I presume the
was requesting Negotiate authentication.

Reading the patch, I'm wondering if it does what it was intended to do. 
Based on the previous comments and article L596, it seems intention was to
cancel even non-Negotiate authentication after 3 failures by moving "Too
many authentication tries" error to a common code path.  However,
following precedes that check:

  if ((http->digest_tries > 1 || !http->userpass[0]) &&
      strncmp(http->fields[HTTP_FIELD_WWW_AUTHENTICATE], "Negotiate", 9))

which leads to password callback call for non-Negotiate authentications
and reset of digest_tries counter.  So instead of "Too many tries" error,
there's another password prompt.  Depending on the callback function, this
may keep resending password to the server which replies with "unauthorized"
without being cancelled as expected (?).  Or was there some additional loop
that did not involve active request-unauthorized network communication?

Link: http://www.cups.org/str.php?L3518
Version: 1.4.2
Fix Version: 1.5-current (r9020)





More information about the cups mailing list