@zdohnal zdohnal commented Dec 2, 2025

GTK has specific IPP processing which stopped working after the fix for CVE-2025-58436. GTK depended on the internal behavior of `_httpUpdate()`, which read a line from the connection regardless of already buffered data.

To mitigate CVE-2025-58436, `_httpUpdate()` started to read more data from the connection only if there is already a line buffered in the internal HTTP structure, in order to prevent being stuck on slow clients - the function now returns HTTP_STATUS_CONTINUE in such cases.

The fix for the GTK behavior here, which caused the GTK print dialogs to not open at all, is to read from the connection if we have a signal that there is data to read, and only if there is no newline after this read, return error/continue to the client.

Fixes #1429

@zdohnal zdohnal requested a review from michaelrsweet December 2, 2025 09:55
@michaelrsweet michaelrsweet left a comment

See comment.

@zdohnal zdohnal force-pushed the read-from-socket-if-ready branch from c500817 to cde750c Compare December 3, 2025 08:38
GTK has specific IPP processing which stopped working after the
CVE-2025-58436 fix. GTK depends on the internal behavior of `_httpUpdate()`,
which read a line from the connection at the start of the function, which was
one of the culprits behind CVE-2025-58436.

To mitigate CVE-2025-58436, `_httpUpdate()` started to read from the
connection only if there was data in the internal HTTP buffer and there
was at least one newline buffered - otherwise the function returns
HTTP_ERROR/HTTP_CONTINUE, which caused the loop in GTK.

The change which fixes the GTK behavior in the PR is to read data from the
connection at the start of `_httpUpdate()` for non-blocking connections
immediately with no timeout if the internal HTTP buffer is not full. The
change mitigates the CVE as well as the previous implementation.

Fixes OpenPrinting#1429
@zdohnal zdohnal force-pushed the read-from-socket-if-ready branch from cde750c to 6efa179 Compare December 3, 2025 08:39
@zdohnal zdohnal merged commit a071f2c into OpenPrinting:master Dec 3, 2025
5 of 6 checks passed
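
The buffering behaviour discussed in this pull request, modelled as an added example in C; it is not code from CUPS or from this PR. `conn_t`, `update()`, `run_case()` and the `ST_*` codes are hypothetical names, and a local socket pair stands in for the connection.

```c
#include <string.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical status codes and buffer type; not the CUPS definitions. */
enum { ST_ERROR = -1, ST_CONTINUE = 0, ST_LINE = 1 };
typedef struct { int fd; char buf[64]; size_t used; } conn_t;

/* Take whatever is already waiting on the socket, with no blocking and no timeout. */
static void fill_nonblocking(conn_t *c)
{
  if (c->used < sizeof(c->buf)) {              /* only while the buffer is not full */
    ssize_t n = recv(c->fd, c->buf + c->used, sizeof(c->buf) - c->used, MSG_DONTWAIT);
    if (n > 0) c->used += (size_t)n;
  }
}

/* read_first = 0: decide from buffered data only (the CVE mitigation as described above).
 * read_first = 1: non-blocking read at the start, then decide (this PR as described above). */
int update(conn_t *c, int read_first, char *line, size_t linesize)
{
  if (read_first) fill_nonblocking(c);
  char *nl = memchr(c->buf, '\n', c->used);
  if (!nl)                                     /* no complete line: never wait for one */
    return c->used == sizeof(c->buf) ? ST_ERROR : ST_CONTINUE;
  size_t len = (size_t)(nl - c->buf);
  if (len >= linesize) return ST_ERROR;
  memcpy(line, c->buf, len);
  if (len > 0 && line[len - 1] == '\r') len--; /* drop the CR of a CRLF ending */
  line[len] = '\0';
  c->used -= (size_t)(nl - c->buf) + 1;        /* consume the line and its newline */
  memmove(c->buf, nl + 1, c->used);
  return ST_LINE;
}

/* Constructed scenario: the peer has already sent `wire`; update() is called once. */
int run_case(const char *wire, int read_first, char *line, size_t linesize)
{
  int sv[2], st = -2;
  if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) != 0) return st;
  conn_t c = { .fd = sv[0], .used = 0 };
  if (write(sv[1], wire, strlen(wire)) == (ssize_t)strlen(wire))
    st = update(&c, read_first, line, linesize);
  close(sv[0]); close(sv[1]);
  return st;
}

int main(void) { char l[64]; return run_case("HTTP/1.1 200 OK\r\n", 1, l, sizeof(l)) == ST_LINE ? 0 : 1; }
```

With `read_first = 0`, a caller that relies on `update()` to pull data off the socket gets `ST_CONTINUE` on every call even though a full line is waiting; with `read_first = 1`, a partial line from a slow peer still returns `ST_CONTINUE` immediately instead of blocking.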
Development

Successfully merging this pull request may close these issues.

CUPS 2.4.15 freezes apps requesting the GTK print dialog
