Bug#517718: cups: Cups web frontend live lock with HostNameLookups Double and unix domain socket client connection
Package: cups
Version: 1.3.8-1lenny4.1
Severity: normal
Tags: patch
The cupds server always rejects AF_LOCAL (unix domain sockets)
when HostNameLookups Double is configured in cupsd.conf.
This leads to a livelock with the webfrontend if no
/etc/cups/client.conf is present (debian default).
The patch to fix the problem is attached. It disables
DNS reverse lookups for localhost connections be it
from 127.0.0.1 (IPv4), ::1 (IPv6), or unix domain sockets.
-- System Information:
Debian Release: 5.0
APT prefers stable
APT policy: (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.18-openvz-028stab060.2 (SMP w/2 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Versions of packages cups depends on:
ii adduser 3.110 add and remove users and groups
ii cups-common 1.3.8-1lenny4.1 Common UNIX Printing System(tm) -
ii debconf [debconf-2 1.5.24 Debian configuration management sy
ii ghostscript 8.62.dfsg.1-3.2lenny0 The GPL Ghostscript PostScript/PDF
ii libavahi-compat-li 0.6.23-3lenny1 Avahi Apple Bonjour compatibility
ii libc6 2.7-18 GNU C Library: Shared libraries
ii libcups2 1.3.8-1lenny4.1 Common UNIX Printing System(tm) -
ii libcupsimage2 1.3.8-1lenny4.1 Common UNIX Printing System(tm) -
ii libdbus-1-3 1.2.1-5 simple interprocess messaging syst
ii libgnutls26 2.4.2-6+lenny1 the GNU TLS library - runtime libr
ii libkrb53 1.6.dfsg.4~beta1-5 MIT Kerberos runtime libraries
ii libldap-2.4-2 2.4.11-1 OpenLDAP libraries
ii libpam0g 1.0.1-5 Pluggable Authentication Modules l
ii libpaper1 1.1.23+nmu1 library for handling paper charact
ii libslp1 1.2.1-7.5 OpenSLP libraries
ii lsb-base 3.2-20 Linux Standard Base 3.2 init scrip
ii perl-modules 5.10.0-19 Core Perl modules
ii procps 1:3.2.7-11 /proc file system utilities
ii ssl-cert 1.0.23 simple debconf wrapper for OpenSSL
ii xpdf-utils [popple 3.02-1.4 Portable Document Format (PDF) sui
Versions of packages cups recommends:
pn avahi-utils <none> (no description available)
ii cups-client 1.3.8-1lenny4.1 Common UNIX Printing System(tm) -
ii foomatic-filters 3.0.2-20080211-3.2 OpenPrinting printer support - fil
pn smbclient <none> (no description available)
Versions of packages cups suggests:
ii cups-bsd 1.3.8-1lenny4.1 Common UNIX Printing System(tm) -
pn cups-driver-gutenprint <none> (no description available)
pn cups-pdf <none> (no description available)
ii foomatic-db 20080211-2+nmu1 OpenPrinting printer support - dat
ii foomatic-db-engine 3.0.2-20080211-1 OpenPrinting printer support - pro
pn hplip <none> (no description available)
pn xpdf-korean | xpdf-japa <none> (no description available)
-- debconf information:
cupsys/raw-print: true
cupsys/backend: ipp, lpd, parallel, scsi, serial, socket, usb, snmp, dnssd
#! /bin/sh /usr/share/dpatch/dpatch-run
## HostNameLookups_Double_AF_LOCAL.dpatch by Joachim Falk <joachim.falk@gmx.de>
##
## DP: Fix HostNameLookups Double in conjuction with AF_LOCAL connections.
@DPATCH@
--- orig/scheduler/client.c.orig 2009-02-26 22:34:25.000000000 +0100
+++ new/scheduler/client.c 2009-02-26 22:45:49.000000000 +0100
@@ -279,32 +279,39 @@
}
}
- if (hostname == NULL && HostNameLookups == 2)
+ /*
+ * Check for presence of a localhost client. These clients do not
+ * need DNS reverse lookup matching. More importantly this also
+ * includes AF_LOCAL connections for which DNS reverse lookup
+ * makes no sense. This fixes a BUG where AF_LOCAL connections
+ * where always rejected when DNS reverse lookup is enabled.
+ */
+ if (!httpAddrLocalhost(con->http.hostaddr) && HostNameLookups == 2)
{
- /*
- * Can't have an unresolved IP address with double-lookups enabled...
- */
+ if (hostname == NULL)
+ {
+ /*
+ * Can't have an unresolved IP address with double-lookups enabled...
+ */
- cupsdLogMessage(CUPSD_LOG_DEBUG2,
- "cupsdAcceptClient: Closing connection %d...",
- con->http.fd);
+ cupsdLogMessage(CUPSD_LOG_DEBUG2,
+ "cupsdAcceptClient: Closing connection %d...",
+ con->http.fd);
#ifdef WIN32
- closesocket(con->http.fd);
+ closesocket(con->http.fd);
#else
- close(con->http.fd);
+ close(con->http.fd);
#endif /* WIN32 */
- cupsdLogMessage(CUPSD_LOG_WARN,
- "Name lookup failed - connection from %s closed!",
- con->http.hostname);
+ cupsdLogMessage(CUPSD_LOG_WARN,
+ "Name lookup failed - connection from %s closed!",
+ con->http.hostname);
- free(con);
- return;
- }
+ free(con);
+ return;
+ }
- if (HostNameLookups == 2)
- {
/*
* Do double lookups as needed...
*/
Reply to: