[cups] Potential Scheduler crash with security scan - web interface port

[Dylan Stewart]

We are currently investigating a crash of the cupsd process that is giving
minimal logging.   What we have found in the error_log is that there appears
to be some interaction with the web interface right before the crash occurs.
 So far we have only been able to get the default info level logging and
will post debug logging if/when we can reproduce with that level of logging. 

We are currently using CUPS 1.4.7 (and we know this is old and are looking
to upgrade but validation is pending).  We did not have any filesystems fill
up and found nothing to note in /var/log/messages.   RHEL 6.4 and RHEL 6.6
are the OS versions we have seen this on so far.

Here is an example of the most recent crash where the last entry was a login
to the web interface:

I [30/Jan/2016:15:11:48 -0700] Saving job cache file
"/var/cache/cups/job.cache"...
I [30/Jan/2016:15:12:04 -0700] Saving job cache file
"/var/cache/cups/job.cache"...
I [30/Jan/2016:15:12:04 -0700] Saving job cache file
"/var/cache/cups/job.cache"...
I [30/Jan/2016:15:12:33 -0700] Started "/usr/lib/cups/cgi-bin/admin.cgi"
(pid=87331)
I [30/Jan/2016:15:12:33 -0700] Started "/usr/lib/cups/cgi-bin/admin.cgi"
(pid=87332)
I [30/Jan/2016:15:12:33 -0700] Started "/usr/lib/cups/cgi-bin/admin.cgi"
(pid=87333)

***Crash sometime here***

I [30/Jan/2016:17:31:25 -0700] Listening to 0.0.0.0:631 (IPv4)
I [30/Jan/2016:17:31:25 -0700] Listening to [v1.::]:631 (IPv6)
I [30/Jan/2016:17:31:25 -0700] Listening to /var/run/cups/cups.sock (Domain)
W [30/Jan/2016:17:31:25 -0700] No limit for CUPS-Get-Document defined in
policy default - using Send-Document's policy
I [30/Jan/2016:17:31:25 -0700] Remote access is enabled.


Here is another instance that shows a login to the interface as well as some
"Bad URI" calls:

I [29/Jan/2016:13:06:08 -0500] Saving job cache file
"/var/cache/cups/job.cache"...
I [29/Jan/2016:13:06:09 -0500] Saving job cache file
"/var/cache/cups/job.cache"...
I [29/Jan/2016:13:06:09 -0500] Saving job cache file
"/var/cache/cups/job.cache"...
I [29/Jan/2016:13:06:20 -0500] Saving job cache file
"/var/cache/cups/job.cache"...
I [29/Jan/2016:13:06:20 -0500] Saving job cache file
"/var/cache/cups/job.cache"...
I [29/Jan/2016:13:06:29 -0500] Started "/usr/lib/cups/cgi-bin/admin.cgi"
(pid=10554)
I [29/Jan/2016:13:06:29 -0500] Started "/usr/lib/cups/cgi-bin/admin.cgi"
(pid=10563)
E [29/Jan/2016:13:06:29 -0500] Bad URI "%." in request!
E [29/Jan/2016:13:06:29 -0500] Bad URI "%server.policy" in request!
E [29/Jan/2016:13:06:29 -0500] Bad URI "%login-config.xml" in request!
E [29/Jan/2016:13:06:29 -0500] Bad URI "%org/jboss/version.properties" in
request!
E [29/Jan/2016:13:06:29 -0500] Bad URI "%org/jboss/version.properties" in
request!
I [29/Jan/2016:13:06:29 -0500] Started "/usr/lib/cups/cgi-bin/admin.cgi"
(pid=10609)
I [29/Jan/2016:13:06:29 -0500] Started "/usr/lib/cups/cgi-bin/admin.cgi"
(pid=10613)

***Crash sometime here***

I [29/Jan/2016:14:39:01 -0500] Listening to 0.0.0.0:631 (IPv4)
I [29/Jan/2016:14:39:01 -0500] Listening to [v1.::]:631 (IPv6)
I [29/Jan/2016:14:39:01 -0500] Listening to /var/run/cups/cups.sock (Domain) 



Has anyone else seen something like this or know if this is corrected in a
later version?