hp backend fails if empty input (possibly DOS attack)
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| HPLIP |
Triaged
|
Undecided
|
Unassigned | ||
Bug Description
I am using HPLIP 2.8.2 from
http://
with a LaserJet 1220 with Foomatic/hpijs driver
with CUPS 1.3.5 from
http://
on openSUSE 10.3
When I print (almost) empty input using
echo -en '\r' | lp -d HP_LaserJet_1220
I get in /var/log/
an endless sequence of such messages
... prnt/backend/hp.c 561: ERROR: -1080593364 other; will retry in 30 seconds...
until I cancel the print job.
Furthermore while the job is pending neither
"lpstat -p HP_LaserJet_1220" nor "lpstat -o HP_LaserJet_1220"
show a message which indicates any problem. Both show
normal printing operation.
There are three bugs here:
A minor bug:
The error message "ERROR: -1080593364 other"
is meaningless.
It should show a meaningful info what the reason is.
A normal bug:
Whenever there is a problem, the backend should output
a matching meaningful message via stderr so that the user
is informed (and clear it when the problem is gone).
A major bug:
A denial of service attack is possible just by sending
(almost) empty input.
The backend should not do an endless loop if the reason
of a problem can never go away.
I think an endless retry is right when the backend fails to
establish the communication with the device, see
https:/
But in this case the communication with the device works.
I guess in this case only the reason is wrong detected.
The backend thinks a retry might help but actually
a retry is useless in this case.
Nevertheless I think this kind of DOS attack is not severe
enough to be a real security vulnerability because a simple
cancel of the job helps.
| Changed in hplip: | |
| status: | New → Triaged |
| David Suffield (david-suffield) wrote | #1 |
The next hplip release should handle bogus null print jobs.
-dave