[cups-devel] [MOD] STR #4403: Race condition in cupsSendRequest()

Tim Waugh noreply at cups.org
Wed Apr 16 08:29:41 PDT 2014



DO NOT REPLY TO THIS MESSAGE.  INSTEAD, POST ANY RESPONSES TO THE LINK BELOW.

[STR New]

A race condition exists in cupsSendRequest(), in which the remote end
closes the connection once it has seen the HTTP headers but before the IPP
request itself has been sent.

To see it happen, configure cupsd.conf with:

DefaultAuthType Basic
[...]
<Location />
  Order allow,deny
  AuthType Default
  Require valid-user
</Location>

and run 'gdb --args lpstat -p'.

Set a breakpoint in cupsSendRequest() after the httpPost() call but before
the ippWrite() call. Let execution run to that breakpoint, then continue.

You'll see that ippWrite() returns IPP_STATE_ERROR, so the ippWrite loop is
exited immediately, and the function returns HTTP_STATUS_ERROR. The error
is propagated back up to lpstat, which tells the user a "Broken pipe" was
the cause (because ippWrite() couldn't write to the half-closed socket).

I've attached a patch which checks for HTTP response data before checking
for IPP_STATE_ERROR. If there is an HTTP error in the response data, it
uses that as normal.

Link: https://www.cups.org/str.php?L4403
Version: 1.7.1
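The failure mode reported above, reproduced as an added example that is not CUPS code and not the attached patch: a Unix socketpair stands in for the lpstat/cupsd connection, and `fake_server`, `pending_http_status` and `send_request` are hypothetical names. With `check_first` set, the client looks for HTTP response data before treating the failed body write as the result, which is the ordering the report describes.

```c
#include <errno.h>
#include <poll.h>
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Constructed stand-in for a server that answers after the headers only. */
static void fake_server(int fd)
{
  char buf[256];
  const char *resp = "HTTP/1.1 401 Unauthorized\r\nContent-Length: 0\r\n\r\n";
  if (read(fd, buf, sizeof(buf)) > 0 &&        /* consume the request headers */
      write(fd, resp, strlen(resp)) < 0)       /* reply early ... */
    perror("fake_server");
  close(fd);                                   /* ... then close before the body */
}

/* Hypothetical helper: HTTP status of an already-received response, or -1. */
static int pending_http_status(int fd)
{
  struct pollfd p = { fd, POLLIN, 0 };
  char buf[256]; ssize_t n;
  int status = -1;
  if (poll(&p, 1, 0) > 0 && (n = read(fd, buf, sizeof(buf) - 1)) > 0) {
    buf[n] = '\0';
    if (sscanf(buf, "HTTP/%*d.%*d %d", &status) != 1) status = -1;
  }
  return status;
}

/* check_first == 0: surface the write error; 1: prefer a pending HTTP response. */
int send_request(int check_first)
{
  int sv[2], werr, status;
  const char *hdr = "POST / HTTP/1.1\r\nContent-Length: 4\r\n\r\n";
  signal(SIGPIPE, SIG_IGN);                    /* get EPIPE instead of a signal */
  if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) < 0) return -errno;
  if (write(sv[0], hdr, strlen(hdr)) < 0) return -errno;
  fake_server(sv[1]);          /* peer responds and closes, as at the breakpoint */
  werr = write(sv[0], "body", 4) < 0 ? errno : 0;  /* fails: peer is gone */
  status = -werr;
  if (!werr || check_first) {  /* response data takes precedence over the error */
    int s = pending_http_status(sv[0]);
    if (s > 0) status = s;
  }
  close(sv[0]);
  return status;
}
```

`send_request(0)` returns `-EPIPE`, the "Broken pipe" outcome, while `send_request(1)` returns 401, which a client can act on by prompting for credentials.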



