[cups.bugs] [LOW] STR #1887: BrowseRelay in 1.2.2 doesn't work

Arne Nordmark nordmark at mech.kth.se
Mon Aug 7 06:12:31 PDT 2006


[STR New]

This is the same issue reported in STR #1745, so I will not supply much
more detail on the symptoms here.

The code in question in scheduler/dirsvc.c looks like:

  /*
   * Do relaying...
   */

  for (i = 0; i < NumRelays; i ++)
    if (cupsdCheckAuth(address, srcname, len, 1, &(Relays[i].from)))
      if (sendto(BrowseSocket, packet, bytes, 0,
                 (struct sockaddr *)&(Relays[i].to),
                 sizeof(http_addr_t)) <= 0)
      {
        cupsdLogMessage(CUPSD_LOG_ERROR,
                        "cupsdUpdateCUPSBrowse: sendto failed for relay %d - %s.",
                        i + 1, strerror(errno));
        cupsFreeOptions(num_attrs, attrs);
        return;
      }

The address length argument of the sendto() call on line 1471 does not
seem right. On my system (Debian GNU/Linux Etch, gcc 4.0, libc 2.3.6,
kernel 2.6.16), the address length
sizeof(http_addr_t)
evaluates to 256, and the call fails with EINVAL. If I change the address
length to
sizeof(struct sockaddr_in)
(which evaluates to 16) the error disappears, and BrowseRelay works again.
The level of syscall argument validation that takes place may vary on
different platforms, of course, so this bug may not show up on all
systems.

Link: http://www.cups.org/str.php?L1887
Version: 1.2.2
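
Added example, not part of the original report and not CUPS code: one way to pass sendto() an address length that matches the address family stored in a multi-family union, instead of the size of the whole union. The names relay_addr_t, relay_addr_len and relay_send, the 256-byte padding, and the loopback destination are assumptions made for illustration.

```c
#include <errno.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Hypothetical stand-in for a multi-family address union, padded to the
 * 256 bytes the post reports for sizeof(http_addr_t). */
typedef union {
  struct sockaddr     addr;
  struct sockaddr_in  ipv4;
  struct sockaddr_in6 ipv6;
  char                pad[256];
} relay_addr_t;

/* Length of the sockaddr actually stored, chosen by family; 0 if unknown. */
static socklen_t relay_addr_len(const relay_addr_t *a)
{
  switch (a->addr.sa_family) {
    case AF_INET:  return (socklen_t)sizeof(struct sockaddr_in);
    case AF_INET6: return (socklen_t)sizeof(struct sockaddr_in6);
    default:       return 0;
  }
}

/* sendto() with the family-derived length; refuses unknown families. */
static ssize_t relay_send(int fd, const void *buf, size_t n, const relay_addr_t *to)
{
  socklen_t len = relay_addr_len(to);
  if (len == 0) { errno = EAFNOSUPPORT; return -1; }
  return sendto(fd, buf, n, 0, &to->addr, len);
}

int main(void)
{
  relay_addr_t to;
  int fd = socket(AF_INET, SOCK_DGRAM, 0);
  if (fd < 0) { perror("socket"); return 1; }
  memset(&to, 0, sizeof(to));
  to.ipv4.sin_family = AF_INET;      /* constructed destination: */
  to.ipv4.sin_port = htons(9);       /* loopback, discard port   */
  to.ipv4.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
  ssize_t r = sendto(fd, "x", 1, 0, &to.addr, sizeof(to)); /* reported pattern */
  printf("len %zu: %s\n", sizeof(to), r < 0 ? strerror(errno) : "sent");
  r = relay_send(fd, "x", 1, &to);
  printf("len %u: %s\n", (unsigned)relay_addr_len(&to), r < 0 ? strerror(errno) : "sent");
  close(fd);
  return 0;
}
```

Whether the first sendto() call fails depends on how strictly the platform validates the length argument, as the report notes.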




