[cups.bugs] [MOD] STR #3533: Allow/Deny fails for some IPv6 addresses due to parsing bug
Aaron Thompson
dev at aaront.org
Sat Mar 20 15:23:38 PDT 2010
DO NOT REPLY TO THIS MESSAGE. INSTEAD, POST ANY RESPONSES TO THE LINK BELOW.
[STR New]
CUPS parses some IPv6 addresses incorrectly which leads to incorrect
behavior of access control statements (Allow, Deny, BrowseAllow,
BrowseDeny, and BrowseRelay).
The buggy code is get_addr_and_mask in scheduler/conf.c. The parser fails
or incorrectly parses some addresses with a double-colon, and it does not
support dotted-quad addresses (RFC1884 2.2 (3)). The attached program
(using the get_addr_and_mask from svn trunk) shows the issues:
$ ./test-parse '[::]'
00000000 00000000 00000000 00000000 (correct)
$ ./test-parse '[1::]'
00010000 00000000 00000000 00000000 (correct)
$ ./test-parse '[::1]'
parse failed
$ ./test-parse '[1::2]'
00010002 00000000 00000000 00000000 (incorrect)
$ ./test-parse '[1:2::]'
00010002 00000000 00000000 00000000 (correct)
$ ./test-parse '[::1.2.3.4]'
parse failed
Please consider replacing the code with the commonly used inet_pton
implementation by Paul Vixie. That implementation is used in glibc,
Apache httpd, and others, apparently including projects on Apple's own
website:
http://www.opensource.apple.com/source/Libinfo/Libinfo-324.1/gen.subproj/inet_pton.c
Thanks.
Link: http://www.cups.org/str.php?L3533
Version: 1.4.1
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: test-parse.c
URL: <https://lists.cups.org/pipermail/cups/attachments/20100320/92713022/attachment.c>
More information about the cups
mailing list