Bug#483183: cups: Cups web frontend live lock with HostNameLookups Double and unix domain socket client connection

Joachim Falk Sun, 01 Mar 2009 09:12:04 -0800

Package: cups
Version: 1.3.8-1lenny4.1
Followup-For: Bug #483183


The cupds server always rejects AF_LOCAL (unix domain sockets)
when HostNameLookups Double is configured in cupsd.conf.
This leads to a livelock with the webfrontend if no
/etc/cups/client.conf is present (debian default).
The patch to fix the problem is attached. It disables
DNS reverse lookups for localhost connections be it
from 127.0.0.1 (IPv4), ::1 (IPv6), or unix domain sockets.

-- System Information:
Debian Release: 5.0
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.18-openvz-028stab060.2 (SMP w/2 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages cups depends on:
ii  adduser            3.110                 add and remove users and groups
ii  cups-common        1.3.8-1lenny4.1       Common UNIX Printing System(tm) - 
ii  debconf [debconf-2 1.5.24                Debian configuration management sy
ii  ghostscript        8.62.dfsg.1-3.2lenny0 The GPL Ghostscript PostScript/PDF
ii  libavahi-compat-li 0.6.23-3lenny1        Avahi Apple Bonjour compatibility 
ii  libc6              2.7-18                GNU C Library: Shared libraries
ii  libcups2           1.3.8-1lenny4.1       Common UNIX Printing System(tm) - 
ii  libcupsimage2      1.3.8-1lenny4.1       Common UNIX Printing System(tm) - 
ii  libdbus-1-3        1.2.1-5               simple interprocess messaging syst
ii  libgnutls26        2.4.2-6+lenny1        the GNU TLS library - runtime libr
ii  libkrb53           1.6.dfsg.4~beta1-5    MIT Kerberos runtime libraries
ii  libldap-2.4-2      2.4.11-1              OpenLDAP libraries
ii  libpam0g           1.0.1-5               Pluggable Authentication Modules l
ii  libpaper1          1.1.23+nmu1           library for handling paper charact
ii  libslp1            1.2.1-7.5             OpenSLP libraries
ii  lsb-base           3.2-20                Linux Standard Base 3.2 init scrip
ii  perl-modules       5.10.0-19             Core Perl modules
ii  procps             1:3.2.7-11            /proc file system utilities
ii  ssl-cert           1.0.23                simple debconf wrapper for OpenSSL
ii  xpdf-utils [popple 3.02-1.4              Portable Document Format (PDF) sui

Versions of packages cups recommends:
pn  avahi-utils           <none>             (no description available)
ii  cups-client           1.3.8-1lenny4.1    Common UNIX Printing System(tm) - 
ii  foomatic-filters      3.0.2-20080211-3.2 OpenPrinting printer support - fil
pn  smbclient             <none>             (no description available)

Versions of packages cups suggests:
ii  cups-bsd                1.3.8-1lenny4.1  Common UNIX Printing System(tm) - 
pn  cups-driver-gutenprint  <none>           (no description available)
pn  cups-pdf                <none>           (no description available)
ii  foomatic-db             20080211-2+nmu1  OpenPrinting printer support - dat
ii  foomatic-db-engine      3.0.2-20080211-1 OpenPrinting printer support - pro
pn  hplip                   <none>           (no description available)
pn  xpdf-korean | xpdf-japa <none>           (no description available)

-- debconf information:
  cupsys/raw-print: true
  cupsys/backend: ipp, lpd, parallel, scsi, serial, socket, usb, snmp, dnssd

#! /bin/sh /usr/share/dpatch/dpatch-run
## HostNameLookups_Double_AF_LOCAL.dpatch by Joachim Falk <joachim.f...@gmx.de>
##
## DP: Fix HostNameLookups Double in conjuction with AF_LOCAL connections.
@DPATCH@
--- orig/scheduler/client.c.orig	2009-02-26 22:34:25.000000000 +0100
+++ new/scheduler/client.c	2009-02-26 22:45:49.000000000 +0100
@@ -279,32 +279,39 @@
     }
   }
 
-  if (hostname == NULL && HostNameLookups == 2)
+  /*
+   * Check for presence of a localhost client. These clients do not
+   * need DNS reverse lookup matching. More importantly this also
+   * includes AF_LOCAL connections for which DNS reverse lookup
+   * makes no sense. This fixes a BUG where AF_LOCAL connections
+   * where always rejected when DNS reverse lookup is enabled.
+   */
+  if (!httpAddrLocalhost(con->http.hostaddr) && HostNameLookups == 2)
   {
-   /*
-    * Can't have an unresolved IP address with double-lookups enabled...
-    */
+    if (hostname == NULL)
+    {
+     /*
+      * Can't have an unresolved IP address with double-lookups enabled...
+      */
 
-    cupsdLogMessage(CUPSD_LOG_DEBUG2,
-                    "cupsdAcceptClient: Closing connection %d...",
-                    con->http.fd);
+      cupsdLogMessage(CUPSD_LOG_DEBUG2,
+                      "cupsdAcceptClient: Closing connection %d...",
+                      con->http.fd);
 
 #ifdef WIN32
-    closesocket(con->http.fd);
+      closesocket(con->http.fd);
 #else
-    close(con->http.fd);
+      close(con->http.fd);
 #endif /* WIN32 */
 
-    cupsdLogMessage(CUPSD_LOG_WARN,
-                    "Name lookup failed - connection from %s closed!",
-                    con->http.hostname);
+      cupsdLogMessage(CUPSD_LOG_WARN,
+                      "Name lookup failed - connection from %s closed!",
+                      con->http.hostname);
 
-    free(con);
-    return;
-  }
+      free(con);
+      return;
+    }
 
-  if (HostNameLookups == 2)
-  {
    /*
     * Do double lookups as needed...
     */

Bug#483183: cups: Cups web frontend live lock with HostNameLookups Double and unix domain socket client connection

Reply via email to