[cups-devel] LPD breaks when bind fails from oversize address_len
Isaac Dunham
ibid.ag at gmail.com
Sat Jul 5 20:39:45 PDT 2014
OS: Alpine Linux (alpinelinux.org)
libc: musl (musl-libc.org)
compiler: GCC 4.8.2
CUPS: 1.7.3
When using the lpd protocol to print to a network printer from a computer
with the software described, I found that the lpd backend went into an
infinite loop.
Checking with strace showed a loop repeating this bit with varying ports:
socket(PF_INET, SOCK_STREAM, IPPROTO_IP) = 7
bind(7, {sa_family=AF_INET, sin_port=htons(905), sin_addr=inet_addr("0.0.0.0")},
256) = -1 EINVAL (Invalid argument)
This corresponds to the port retry loop in rresvport_af(), within
backend/lpd.c
The musl maintainer pointed out that bind() was probably failing due to
address_len being 256 bytes, which is too large for a struct sockaddr_in.
Failing with errno=EINVAL is permitted for this case by POSIX 2008/2013:
The bind() function may fail if:
[EINVAL]
The address_len argument is not a valid length for the address family.
I confirmed that this was the issue by applying the attached patch,
which checks the protocol family to determine the size to pass for
address_len.
With this patch, network printing over the lpd protocol worked.
That said, the patch was implemented blindly; the AF_LOCAL section
may be entirely irrelevant.
Thanks,
Isaac Dunham
-------------- next part --------------
diff --git a/backend/lpd.c b/backend/lpd.c
index 6e4ab36..bbffb82 100644
--- a/backend/lpd.c
+++ b/backend/lpd.c
@@ -1244,6 +1244,7 @@ rresvport_af(int *port, /* IO - Port number to bind to */
{
http_addr_t addr; /* Socket address */
int fd; /* Socket file descriptor */
+ socklen_t socksz=sizeof(struct sockaddr); /* size of struct sockaddr* */
/*
@@ -1260,6 +1261,23 @@ rresvport_af(int *port, /* IO - Port number to bind to */
memset(&addr, 0, sizeof(addr));
addr.addr.sa_family = family;
+ switch(family) {
+ case AF_INET:
+ socksz = sizeof(struct sockaddr_in);
+ break;
+#ifdef AF_INET6
+ case AF_INET6:
+ socksz = sizeof(struct sockaddr_in6);
+ break;
+#endif
+#ifdef AF_LOCAL
+ case AF_LOCAL:
+ socksz = sizeof(struct sockaddr_un);
+#endif
+ default:
+ break;
+ }
+
/*
* Try to bind the socket to a reserved port...
*/
@@ -1276,7 +1294,7 @@ rresvport_af(int *port, /* IO - Port number to bind to */
* Try binding the port to the socket; return if all is OK...
*/
- if (!bind(fd, (struct sockaddr *)&addr, sizeof(addr)))
+ if (!bind(fd, (struct sockaddr *)&addr, socksz))
return (fd);
/*
More information about the cups
mailing list