
Bug#543539: cups: the web interface doesn't accept passwords longer than 32 chars.



Package: cups
Version: 1.3.8-1+lenny6
Severity: important
Tags: patch

Dear maintainer,

In my quest to get my printer usable (see also #542640), I have found
that the cups web interface doesn't accept passwords longer than 32
chars and fails with a blank page.

32 corresponds to the length of an MD5 hash written as hex digits (the
33-byte buffers leave room for the terminating nul). A define,
MAX_USERPASS, existed but was not used.

I have written a patch; it sets MAX_USERPASS to 128 and uses it. I
have also added the define MD5_HASHLEN with the value 33.

The patch seems to work. Any suggestion will be appreciated.

Best Regards.

-- Louis Opter

-- System Information:
Debian Release: 5.0.2
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.26-2-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages cups depends on:
ii  adduser         3.110                    add and remove users and groups
ii  cups-common     1.3.8-1+lenny6           Common UNIX Printing System(tm) - 
ii  debconf [debcon 1.5.24                   Debian configuration management sy
ii  ghostscript     8.62.dfsg.1-3.2lenny1    The GPL Ghostscript PostScript/PDF
ii  libavahi-compat 0.6.23-3lenny1           Avahi Apple Bonjour compatibility 
ii  libc6           2.7-18                   GNU C Library: Shared libraries
ii  libcups2        1.3.8-1+lenny6           Common UNIX Printing System(tm) - 
ii  libcupsimage2   1.3.8-1+lenny6           Common UNIX Printing System(tm) - 
ii  libdbus-1-3     1.2.1-5+lenny1           simple interprocess messaging syst
ii  libgnutls26     2.4.2-6+lenny1           the GNU TLS library - runtime libr
ii  libkrb53        1.6.dfsg.4~beta1-5lenny1 MIT Kerberos runtime libraries
ii  libldap-2.4-2   2.4.11-1                 OpenLDAP libraries
ii  libpam0g        1.0.1-5+lenny1           Pluggable Authentication Modules l
ii  libpaper1       1.1.23+nmu1              library for handling paper charact
ii  libslp1         1.2.1-7.5                OpenSLP libraries
ii  lsb-base        3.2-20                   Linux Standard Base 3.2 init scrip
ii  perl-modules    5.10.0-19                Core Perl modules
ii  poppler-utils [ 0.8.7-2                  PDF utilitites (based on libpopple
ii  procps          1:3.2.7-11               /proc file system utilities
ii  ssl-cert        1.0.23                   simple debconf wrapper for OpenSSL

Versions of packages cups recommends:
pn  avahi-utils           <none>             (no description available)
ii  cups-client           1.3.8-1+lenny6     Common UNIX Printing System(tm) - 
ii  foomatic-filters      3.0.2-20080211-3.2 OpenPrinting printer support - fil
pn  smbclient             <none>             (no description available)

Versions of packages cups suggests:
ii  cups-bsd                1.3.8-1+lenny6   Common UNIX Printing System(tm) - 
pn  cups-driver-gutenprint  <none>           (no description available)
ii  cups-pdf                2.4.8-3          PDF printer for CUPS
ii  foomatic-db             20080211-2+nmu1  OpenPrinting printer support - dat
ii  foomatic-db-engine      3.0.2-20080211-1 OpenPrinting printer support - pro
ii  hplip                   2.8.6.b-4        HP Linux Printing and Imaging Syst
pn  xpdf-korean | xpdf-japa <none>           (no description available)

-- debconf information:
* cupsys/raw-print: true
* cupsys/backend: usb
diff -u cups-1.3.8-orig/scheduler/auth.c cups-1.3.8/scheduler/auth.c
--- cups-1.3.8-orig/scheduler/auth.c	2008-04-21 19:13:22.000000000 -0400
+++ cups-1.3.8/scheduler/auth.c	2009-08-25 11:59:12.000000000 -0400
@@ -115,7 +115,7 @@
 			              const char *con_server_name);
 #endif /* HAVE_GSSAPI */
 static char		*get_md5_password(const char *username,
-			                  const char *group, char passwd[33]);
+			                  const char *group, char passwd[MD5_HASHLEN]);
 #if HAVE_LIBPAM
 static int		pam_func(int, const struct pam_message **,
 			         struct pam_response **, void *);
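Review bot: `MD5_HASHLEN` reads as the length of the hash, but its value 33 is the size of a buffer holding 32 hex digits plus the terminating nul, and the `#define` added in cupsd.h carries no comment saying so. I would document it at the definition, `#define MD5_HASHLEN	33	/* Size of MD5 hex string buffer (32 digits + nul) */`, so nobody later uses it as a character count. Also, `char passwd[MD5_HASHLEN]` in this prototype and in the definition of get_md5_password() is adjusted to `char *`, so the bound is documentation only and the compiler will not reject a caller that passes a smaller buffer.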
@@ -131,8 +131,8 @@
 #if HAVE_LIBPAM
 typedef struct cupsd_authdata_s		/**** Authentication data ****/
 {
-  char	username[33],			/* Username string */
-	password[33];			/* Password string */
+  char	username[MAX_USERPASS],			/* Username string */
+	password[MAX_USERPASS];			/* Password string */
 } cupsd_authdata_t;
 #endif /* HAVE_LIBPAM */
 
@@ -339,12 +339,12 @@
   int		type;			/* Authentication type */
   const char	*authorization;		/* Pointer into Authorization string */
   char		*ptr,			/* Pointer into string */
-		username[256],		/* Username string */
-		password[33];		/* Password string */
+		username[MAX_USERPASS],		/* Username string */
+		password[MAX_USERPASS];		/* Password string */
   cupsd_cert_t	*localuser;		/* Certificate username */
   char		nonce[HTTP_MAX_VALUE],	/* Nonce value from client */
-		md5[33],		/* MD5 password */
-		basicmd5[33];		/* MD5 of Basic password */
+		md5[MD5_HASHLEN],		/* MD5 password */
+		basicmd5[MD5_HASHLEN];		/* MD5 of Basic password */
   static const char * const states[] =	/* HTTP client states... */
 		{
 		  "WAITING",
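Review bot: `username` shrinks from 256 to 128 bytes in this hunk, because `MAX_USERPASS` replaces the old `username[256]` although the reported bug concerns only `password[33]`. The function body is outside the hunk, so it cannot be checked from here that every write into `username` is bounded by `sizeof(username)`. Any call that assumes a destination of HTTP_MAX_VALUE bytes, as CUPS's httpGetSubField() does, would now write past the end of a stack buffer, and bounded copies would silently truncate names longer than 127 characters. I would size it like `nonce`, `username[HTTP_MAX_VALUE],	/* Username string */`, and change only the password line.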
@@ -1282,7 +1282,7 @@
 {
   int			i;		/* Looping var */
   struct group		*group;		/* System group info */
-  char			junk[33];	/* MD5 password (not used) */
+  char			junk[MD5_HASHLEN];	/* MD5 password (not used) */
 #ifdef HAVE_MBR_UID_TO_UUID
   uuid_t		useruuid,	/* UUID for username */
 			groupuuid;	/* UUID for groupname */
@@ -2516,13 +2516,13 @@
 static char *				/* O - MD5 password string */
 get_md5_password(const char *username,	/* I - Username */
                  const char *group,	/* I - Group */
-                 char       passwd[33])	/* O - MD5 password string */
+                 char       passwd[MD5_HASHLEN])	/* O - MD5 password string */
 {
   cups_file_t	*fp;			/* passwd.md5 file */
   char		filename[1024],		/* passwd.md5 filename */
 		line[256],		/* Line from file */
-		tempuser[33],		/* User from file */
-		tempgroup[33];		/* Group from file */
+		tempuser[MAX_USERPASS],		/* User from file */
+		tempgroup[MAX_USERPASS];		/* Group from file */
 
 
   cupsdLogMessage(CUPSD_LOG_DEBUG2,
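Review bot: Enlarging `tempuser` and `tempgroup` to `MAX_USERPASS` has no effect unless the code that parses `line` into them, which is outside the hunk, takes its bounds from the buffer sizes rather than from literal field widths. If that parser uses fixed widths (a scanf-style `%32` conversion, for instance), they need to be reviewed together with this change, and the width used for `passwd` must stay at `MD5_HASHLEN - 1` because that buffer is still 33 bytes. `line[256]` also remains unchanged, so a record with two 127-character fields and a hash would not fit in one line read.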
diff -u cups-1.3.8-orig/scheduler/cupsd.h cups-1.3.8/scheduler/cupsd.h
--- cups-1.3.8-orig/scheduler/cupsd.h	2008-02-15 18:26:51.000000000 -0500
+++ cups-1.3.8/scheduler/cupsd.h	2009-08-25 11:23:38.000000000 -0400
@@ -74,13 +74,14 @@
 #  define TRUE		(!FALSE)
 #endif /* !FALSE */
 
+#define MD5_HASHLEN	33
 
 /*
  * Implementation limits...
  */
 
 #define MAX_ENV			100	/* Maximum number of environment strings */
-#define MAX_USERPASS		33	/* Maximum size of username/password */
+#define MAX_USERPASS		128	/* Maximum size of username/password */
 #define MAX_FILTERS		20	/* Maximum number of filters */
 #define MAX_SYSTEM_GROUPS	32	/* Maximum number of system groups */
 
