[cups.bugs] [MOD] STR #3518: Infinite loop when not compiled with HAVE_GSSAPI

Christer Bernérus bernerus at chalmers.se
Wed Mar 3 04:38:08 PST 2010


DO NOT REPLY TO THIS MESSAGE.  INSTEAD, POST ANY RESPONSES TO THE LINK BELOW.

[STR New]

If cups is compiled without HAVE_GSSAPI and is used with a server that
requires authorization, the client gets into an infinite loop.

Without HAVE_GSSAPI there is no code in auth.c that tests the 
http->digest_tries variable.

The bug does not show unless the http input buffer is flushed after
receiving an HTTP_UNAUTHORIZED, which is necessary to do. If that is not
done, submission fails before getting into this loop.

Fix:

--- cups/auth.c	(revision 9014)
+++ cups/auth.c	(working copy)
@@ -392,6 +394,13 @@
     httpSetAuthString(http, "Digest", digest);
   }
 
+  if (http->status == HTTP_UNAUTHORIZED && http->digest_tries >= 3)
+  {
+    DEBUG_printf(("1cupsDoAuthentication: too many authentication tries
(%d)", http->digest_tries));
+    http->status = HTTP_AUTHORIZATION_CANCELED;
+    return(-1);
+  }
+
   DEBUG_printf(("1cupsDoAuthentication: authstring=\"%s\"",
http->authstring));
 
   return (0);
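
Review bot: the retry-limit check added just before the final DEBUG_printf sits after the block that calls httpSetAuthString(http, "Digest", digest), so on the give-up path the connection can be left holding a freshly built authstring even though the function returns -1. Consider testing http->digest_tries where authentication begins, before any credentials are built, so the cancel path does no work and leaves no new state behind. The limit 3 is a bare literal; a named constant would keep it in step with any other place that tests the counter. The hunk does not show where digest_tries is incremented, so it is worth confirming that it is bumped for every scheme that reaches this code, otherwise the check never fires for those schemes. The two DEBUG_printf calls are also wrapped across lines in this mail, so the patch as posted needs unwrapping before it will apply.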

Link: http://www.cups.org/str.php?L3518
Version: 1.4.2




