[Pkg-cups-devel] Bug#506180: Bug#506180: CUPS: daemon crashes when adding more than 100 rss subscriptions

Raphael Geissert atomo64 at gmail.com
Thu Nov 20 18:45:23 UTC 2008


2008/11/20 Martin Pitt <mpitt at debian.org>:
> Raphael Geissert [2008-11-19 16:13 -0600]:
>> I did manage to reproduce it in 1.3.8-1lenny2, so whatever was changed
>> didn't actually fix the bug.
>
> Hm, all I get is a hanging browser, because it spits out hundreds of
> empty message boxes. I wouldn't exactly call that a browser
> vulnerability, it's just a JavaScript livelock, but it didn't cause
> cups to crash here.

If I log into the web interface before running the exploit it does
crash cups (and if I don't log in at least konqueror doesn't hang :).

>
> Did you get the same?

On the first execution of the exploit it only inserts 95 feeds and
doesn't crash, but if I re-run the exploit (with a different feed
name), then after it reaches 100 feeds in total (first run + second
run) cupsd crashes.

> Can you please run "cupsctl --debug-logging",
> then run the reproducer, and attach /var/log/cups/error_log
> afterwards?

Done

>
> Thanks,
>
> Martin
>
> --
> Martin Pitt                        | http://www.piware.de
> Ubuntu Developer (www.ubuntu.com)  | Debian Developer  (www.debian.org)
>


Cheers,
-- 
Raphael Geissert - Debian Maintainer
www.debian.org - get.debian.net

Lily Tomlin  - "The trouble with the rat race is that even if you win,
you're still a rat."
-------------- next part --------------
A non-text attachment was scrubbed...
Name: error_log.gz
Type: application/x-gzip
Size: 9396 bytes
Desc: not available
Url : http://lists.alioth.debian.org/pipermail/pkg-cups-devel/attachments/20081120/3948d029/attachment-0001.bin 

