[cups.bugs] [HIGH] STR #3238: DNS rebinding protection regression because "::1" is not allowed
jsmeix.suse
jsmeix at suse.de
Fri Jun 26 04:59:33 PDT 2009
DO NOT REPLY TO THIS MESSAGE. INSTEAD, POST ANY RESPONSES TO THE LINK BELOW.
[STR New]
For the primary bug report see
https://bugzilla.novell.com/show_bug.cgi?id=516511
I run CUPS 1.3.10 on an openSUSE 11.1 i586 system.
In CUPS 1.3.9 the command
lpoptions -h localhost -p <queue_name> -l
works on my openSUSE 11.1 workstation.
But in CUPS 1.3.10 the command results a
"lpoptions: Unable to get PPD file for lj1220: Bad Request"
error message but the command
lpoptions -p <queue_name> -l
still works.
Setting "ServerAlias *" in /etc/cups/cupsd.conf does not help.
The command
lpoptions -h localhost -p <queue_name> -l
results in /var/log/cups/error_log there is the warning
W ... Request from "localhost" using invalid Host: field "::1"
but "::1" is the IPv6 loopback IP address for "localhost".
The attached cups-1.3.10-fix-DNS-rebinding-protection.patch
fixes the issue by adding "::1" in scheduler/client.c
to the whitelist of IP addresses for "localhost"
which are allowed in any case for connections
via the loopback interface.
This solves the issue at least for me but I do not have
the full understanding if it is really a correct solution
in particular because other commands like
lpadmin -h localhost ...
work well with CUPS 1.3.10 on my openSUSE 11.1 workstation
even without the patch.
Link: http://www.cups.org/str.php?L3238
Version: 1.3.10
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: cups-1.3.10-fix-DNS-rebinding-protection.patch
URL: <http://lists.cups.org/pipermail/cups-devel/attachments/20090626/0c6f23a6/attachment.ksh>
More information about the cups-devel
mailing list