Bug 169933

Summary: CUPS daemon crash from IPP/SSL bug when repeatedly requesting web interface (possible DoS)
Product: Red Hat Enterprise Linux 3
Reporter: Tim Waugh <twaugh>
Component: cups
Assignee: Tim Waugh <twaugh>
Status: CLOSED ERRATA
Severity: high
Priority: medium
Version: 3.0
CC: benl, poelstra
Hardware: i386
OS: Linux
Fixed In Version: RHBA-2006-0034
Doc Type: Bug Fix
Last Closed: 2006-03-15 15:50:11 UTC
Bug Depends On: 163011
Bug Blocks: 168424

Description Tim Waugh 2005-10-05 12:54:50 UTC
+++ This bug was initially created as a clone of Bug #163011 +++

From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.8) Gecko/20050524
Fedora/1.0.4-4 Firefox/1.0.4

Description of problem:
If you configure CUPS to require SSL encrypted IPP connections it's possible to
crash the CUPS server daemon by quickly and repeatedly requesting pages from the
web interface.

Version-Release number of selected component (if applicable):
cups-1.1.22-0.rc1.9.6

How reproducible:
Always

Steps to Reproduce:
1. Configure CUPS to require SSL IPP connections.
2. Connect with a web browser to the web interface over the SSL port, eg:
https://cupsserver:631/printers/testprinter
3. Hit refresh in the browser quickly several times; the CUPS daemon will crash
after ~3 refreshes.
  

Actual Results:  CUPS daemon crashes with the following in /var/log/cups/error_log:
E [12/Jul/2005:09:07:34 +0100] CloseClient: error:1409F07F:SSL
routines:SSL3_WRITE_PENDING:bad write retry
E [12/Jul/2005:09:07:34 +0100] CloseClient: error:1409F07F:SSL
routines:SSL3_WRITE_PENDING:bad write retry


Expected Results:  Daemon shouldn't crash :)

Additional info:

-- Additional comment from twaugh on 2005-08-02 08:35 EST --
How precisely are you configuring CUPS to require SSL IPP connections?  Are you
putting "Encryption Required" in cupsd.conf?  Which section are you putting it in?

-- Additional comment from peter.harvey.uk on 2005-08-15 10:13 EST --
Config file snippet:


SSLPort 443
..

<Location /printers>
 Order Deny,Allow
 Allow From x.x.x.x/24
 AuthType Basic
 AuthClass User
 Encryption required
 Satisfy all
</Location>


-- Additional comment from twaugh on 2005-08-15 12:00 EST --
2. Connect with a web browser to the web interface over the SSL port, eg:
https://cupsserver:631/printers/testprinter

Can you clarify this please?  Do you mean
'https://cupsserver:443/printers/testprinter'?

-- Additional comment from twaugh on 2005-08-15 12:01 EST --
Proposing for RHEL4 U3.

-- Additional comment from peter.harvey.uk on 2005-08-16 06:07 EST --
Yep sorry, that should've been:

SSLPort 631

-- Additional comment from twaugh on 2005-10-05 08:49 EST --
Confirmed.

Comment 2 Tim Waugh 2005-10-05 13:28:05 UTC
Reported upstream as: http://www.cups.org/str.php?L1290

Comment 9 Red Hat Bugzilla 2006-03-15 15:50:11 UTC
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2006-0034.html
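
A log check for the error signature quoted in this report, as an added example that is not part of the original bug or of CUPS: it scans error_log lines for clustered CloseClient "bad write retry" errors and re-joins records that were wrapped the way the report quotes them. The sample lines other than the two from the report, the `min_hits` and `window` thresholds, and the function names are assumptions.

```python
import re
from datetime import datetime, timedelta

# CUPS error_log record: "<level> [dd/Mon/yyyy:HH:MM:SS +zzzz] <message>"
LINE_RE = re.compile(r"^(?P<level>[A-Za-z]) \[(?P<ts>[^\]]+)\] (?P<msg>.*)$")
# Signature quoted in the report: OpenSSL error 1409F07F logged by CloseClient.
SIG_RE = re.compile(
    r"CloseClient: error:1409F07F:SSL\s+routines:SSL3_WRITE_PENDING:bad write retry")

# Constructed sample: the report's two wrapped lines plus invented neighbours.
SAMPLE = """\
I [12/Jul/2005:09:07:30 +0100] constructed unrelated message
E [12/Jul/2005:09:07:34 +0100] CloseClient: error:1409F07F:SSL
routines:SSL3_WRITE_PENDING:bad write retry
E [12/Jul/2005:09:07:34 +0100] CloseClient: error:1409F07F:SSL
routines:SSL3_WRITE_PENDING:bad write retry
E [12/Jul/2005:09:07:36 +0100] CloseClient: error:1409F07F:SSL routines:SSL3_WRITE_PENDING:bad write retry
E [12/Jul/2005:10:15:02 +0100] CloseClient: error:1409F07F:SSL routines:SSL3_WRITE_PENDING:bad write retry
""".splitlines()

def join_wrapped(lines):
    """Re-join records that were hard-wrapped (as in the report's quoted log)."""
    records = []
    for raw in lines:
        line = raw.rstrip("\n")
        if LINE_RE.match(line) or not records:
            records.append(line)          # start of a new record
        elif line.strip():
            records[-1] += " " + line.strip()  # continuation of the previous one
    return records

def find_bursts(lines, min_hits=2, window=timedelta(seconds=5)):
    """Return [(first_ts, last_ts, count)] for clusters of the signature.

    min_hits and window are assumed thresholds; tune them to the site.
    """
    hits = []
    for rec in join_wrapped(lines):
        m = LINE_RE.match(rec)
        if m and SIG_RE.search(m.group("msg")):
            hits.append(datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z"))
    bursts, current = [], []
    for ts in sorted(hits):
        if current and ts - current[-1] > window:
            if len(current) >= min_hits:
                bursts.append((current[0], current[-1], len(current)))
            current = []
        current.append(ts)
    if len(current) >= min_hits:
        bursts.append((current[0], current[-1], len(current)))
    return bursts
```

Calling `find_bursts` on the lines of `/var/log/cups/error_log` returns one tuple per cluster, which can feed an alert on hosts that have not yet received the erratum.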