From 887041aaa3f61b87c55b2a746a8813be3d584034 Mon Sep 17 00:00:00 2001
From: Zdenek Dohnal <zdohnal@redhat.com>
Date: Fri, 19 Nov 2021 12:23:08 +0100
Subject: [PATCH] cups/http-support.c: Apply DigestOptions to RFC 2069 support

Earlier we applied DigestOptions only for devices which implement RFC
2617 or RFC 7616; this commit applies it to RFC 2069 support as well.

This issue came up during CentOS Stream/RHEL 9 development, where MD5
digest is marked as insecure for authentication/authorization, so it
should be turned off in default configurations to prevent security
issues.
---
 cups/http-support.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/cups/http-support.c b/cups/http-support.c
index 209235ee6..3d1208789 100644
--- a/cups/http-support.c
+++ b/cups/http-support.c
@@ -1430,6 +1430,12 @@ _httpSetDigestAuthString(
     * Use old RFC 2069 Digest method...
     */
 
+    if (cg->digestoptions == _CUPS_DIGESTOPTIONS_DENYMD5)
+    {
+      DEBUG_puts("3_httpSetDigestAuthString: MD5 Digest is disabled.");
+      return (0);
+    }
+
     /* H(A1) = H(username:realm:password) */
     snprintf(temp, sizeof(temp), "%s:%s:%s", username, http->realm, password);
     hashsize = (size_t)cupsHashData("md5", (unsigned char *)temp, strlen(temp), hash, sizeof(hash));
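Review bot: The new DenyMD5 guard in the RFC 2069 branch reports the refusal only through `DEBUG_puts`, which as far as I know compiles to nothing in non-debug builds, so an administrator would see a plain authentication failure with no hint that policy blocked MD5. The `return (0)` is presumably the same value other failures in this function produce, so callers cannot tell a policy denial from a bad challenge; it would help if the caller, outside this hunk, reported that case distinctly. I would also add a comment above the check such as `/* RFC 2069 defines MD5 only, so DenyMD5 refuses this method before the password is formatted into temp */`, because placing the check ahead of the `snprintf` is what keeps the cleartext password out of `temp` on the denied path. The function begins and ends outside this hunk, so whether state set earlier is left behind on this early return cannot be checked from here.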
-- 
2.31.1