http.c: Fix infinite loop in GTK print dialog

GTK has a specific IPP processing which stopped working after
CVE-2025-58436 fix. GTK depends on internal behavior of `_httpUpdate()`
which read a line from connection at the start of function, which was
one of culprits behind CVE-2025-58436.

To mitigate CVE-2025-58436 `_httpUpdate()` started to read from
connection only if there was data in internal HTTP buffer and there
was at least one newline buffered - otherwise the function returns
HTTP_ERROR/HTTP_CONTINUE, which caused the loop in GTK.

The change which fixes GTK behavior in the PR is to read data from
connection at the start of `_httpUpdate()` for non-blocking connections
immediately with no timeout if internal HTTP buffer is not full. The
change mitigates the CVE as well as the previous implementation.

Fixes #1429

diff --git a/cups/http.c b/cups/http.c
index 5cc41c3c05c8730f66c14e20c4ae52d8b4a08e9c..d6523aa393f9f6b9a671e117fad920858c9d9505 100644 (file)
--- a/cups/http.c
+++ b/cups/http.c
@@ -2909,7 +2909,7 @@ _httpUpdate(http_t        *http,  // I - HTTP connection
     // See whether our read buffer is full...
     DEBUG_printf("2_httpUpdate: used=%d", http->used);
 
-    if (http->used > 0 && !memchr(http->buffer, '\n', (size_t)http->used) && (size_t)http->used < sizeof(http->buffer))
+    if ((size_t)http->used < sizeof(http->buffer))
     {
       // No, try filling in more data...
       if ((bytes = http_read(http, http->buffer + http->used, sizeof(http->buffer) - (size_t)http->used, /*timeout*/0)) > 0)