Bug 169933 - CUPS daemon crash from IPP/SSL bug when repeatedly requesting web interface (possible DoS)
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 3
Classification: Red Hat
Component: cups
Version: 3.0
Hardware: i386
OS: Linux
medium
high
Target Milestone: ---
Assignee: Tim Waugh
QA Contact:
URL:
Whiteboard:
Depends On: 163011
Blocks: 168424
 
Reported: 2005-10-05 12:54 UTC by Tim Waugh
Modified: 2007-11-30 22:07 UTC (History)

Fixed In Version: RHBA-2006-0034
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2006-03-15 15:50:11 UTC
Target Upstream Version:
Embargoed:


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2006:0034 0 qe-ready SHIPPED_LIVE cups bug fix update 2006-03-14 05:00:00 UTC

Description Tim Waugh 2005-10-05 12:54:50 UTC
+++ This bug was initially created as a clone of Bug #163011 +++

From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.8) Gecko/20050524
Fedora/1.0.4-4 Firefox/1.0.4

Description of problem:
If you configure CUPS to require SSL-encrypted IPP connections, it's possible to
crash the CUPS server daemon by quickly and repeatedly requesting pages from the
web interface.

Version-Release number of selected component (if applicable):
cups-1.1.22-0.rc1.9.6

How reproducible:
Always

Steps to Reproduce:
1. Configure CUPS to require SSL IPP connections.
2. Connect with a web browser to the web interface over the SSL port, e.g.:
https://cupsserver:631/printers/testprinter
3. Hit refresh in the browser quickly several times; the CUPS daemon will crash
after ~3 refreshes.
  

Actual Results:  CUPS daemon crashes with the following in /var/log/cups/error_log:
E [12/Jul/2005:09:07:34 +0100] CloseClient: error:1409F07F:SSL routines:SSL3_WRITE_PENDING:bad write retry
E [12/Jul/2005:09:07:34 +0100] CloseClient: error:1409F07F:SSL routines:SSL3_WRITE_PENDING:bad write retry


Expected Results:  Daemon shouldn't crash :)

Additional info:

-- Additional comment from twaugh on 2005-08-02 08:35 EST --
How precisely are you configuring CUPS to require SSL IPP connections?  Are you
putting "Encryption Required" in cupsd.conf?  Which section are you putting it in?

-- Additional comment from peter.harvey.uk on 2005-08-15 10:13 EST --
Config file snippet:


SSLPort 443
..

<Location /printers>
 Order Deny,Allow
 Allow From x.x.x.x/24
 AuthType Basic
 AuthClass User
 Encryption required
 Satisfy all
</Location>


-- Additional comment from twaugh on 2005-08-15 12:00 EST --
2. Connect with a web browser to the web interface over the SSL port, e.g.:
https://cupsserver:631/printers/testprinter

Can you clarify this please?  Do you mean
'https://cupsserver:443/printers/testprinter'?

-- Additional comment from twaugh on 2005-08-15 12:01 EST --
Proposing for RHEL4 U3.

-- Additional comment from peter.harvey.uk on 2005-08-16 06:07 EST --
Yep sorry, that should've been:

SSLPort 631

-- Additional comment from twaugh on 2005-10-05 08:49 EST --
Confirmed.
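
Added example, not part of the original report or of CUPS: a Python scan of error_log text for clusters of the `SSL3_WRITE_PENDING:bad write retry` records quoted in the description, so the condition can be alerted on; it tolerates records wrapped across lines, as happens when logs are pasted into a ticket. The record layout is inferred from the two quoted lines, and the function names, the 5-second window and the first and last sample lines are assumptions constructed for illustration.

```python
import re
from datetime import datetime, timedelta

# Record shape assumed from the report: <level> [dd/Mon/yyyy:HH:MM:SS +zzzz] <message>
RECORD_START = re.compile(r"^([A-Za-z]) \[([^\]]+)\] (.*)$")
SIGNATURE = "SSL3_WRITE_PENDING:bad write retry"

def records(lines):
    """Yield (level, timestamp, message), rejoining wrapped continuation lines."""
    current = None
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        m = RECORD_START.match(line)
        if m:
            if current:
                yield current
            ts = datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z")
            current = (m.group(1), ts, m.group(3))
        elif current:
            # No level/timestamp prefix: continuation of the previous record
            current = (current[0], current[1], current[2] + " " + line)
    if current:
        yield current

def find_bursts(lines, min_hits=2, window=timedelta(seconds=5)):
    """Return [(first_timestamp, hit_count)] for runs of the SSL error whose gaps stay within window."""
    hits = [ts for lvl, ts, msg in records(lines) if lvl == "E" and SIGNATURE in msg]
    bursts, start = [], 0
    for i in range(1, len(hits) + 1):
        if i == len(hits) or hits[i] - hits[i - 1] > window:
            if i - start >= min_hits:
                bursts.append((hits[start], i - start))
            start = i
    return bursts

# Constructed sample: the two wrapped records from the report plus two invented lines
SAMPLE = """\
I [12/Jul/2005:09:07:30 +0100] unrelated informational line (constructed)
E [12/Jul/2005:09:07:34 +0100] CloseClient: error:1409F07F:SSL
routines:SSL3_WRITE_PENDING:bad write retry
E [12/Jul/2005:09:07:34 +0100] CloseClient: error:1409F07F:SSL
routines:SSL3_WRITE_PENDING:bad write retry
E [12/Jul/2005:10:15:00 +0100] CloseClient: error:1409F07F:SSL routines:SSL3_WRITE_PENDING:bad write retry
""".splitlines()

if __name__ == "__main__":
    print(find_bursts(SAMPLE))
```

A single isolated record, like the last sample line, is not reported; only repeated errors inside the window are, which matches the rapid-refresh pattern in the reproduction steps.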

Comment 2 Tim Waugh 2005-10-05 13:28:05 UTC
Reported upstream as: http://www.cups.org/str.php?L1290

Comment 9 Red Hat Bugzilla 2006-03-15 15:50:11 UTC
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2006-0034.html


