[cups] Potential Scheduler crash with security scan - web interface port

Mills,Kendall KMILLS at CERNER.COM
Fri May 13 06:27:28 PDT 2016 

Even though you have disk space available have you checked to make sure you do not have a large amount of backend up or uncrossed print request.
I use the # lpstat -o | grep - | wc -l
To get a total of pending jobs.

Have seen issues in the past that the job that was pending to print in a print queue was so old the data file have been purged and it caused a process to hang.
Just a thought.

-----Original Message-----
From: cups-bounces at cups.org [mailto:cups-bounces at cups.org] On Behalf Of Dylan Stewart
Sent: Thursday, May 12, 2016 5:13 PM
To: cups at cups.org
Subject: Re: [cups] Potential Scheduler crash with security scan - web interface port

Dylan Stewart <ds015516 at ...> writes:

> 
> We are currently investigating a crash of the cupsd process that is giving
> minimal logging.   What we have found in the error_log is that there appears
> to be some interaction with the web interface right before the crash occurs.
>  So far we have only been able to get the default info level logging 
> and will post debug logging if/when we can reproduce with that level of logging.
> 
> We are currently using CUPS 1.4.7 (and we know this is old and are 
> looking to upgrade but validation is pending).  We did not have any filesystems fill
> up and found nothing to note in /var/log/messages.   RHEL 6.4 and RHEL 6.6
> are the OS versions we have seen this on so far.
> 
> Here is an example of the most recent crash where the last entry was a 
> login to the web interface:
> 
> I [30/Jan/2016:15:11:48 -0700] Saving job cache file 
> "/var/cache/cups/job.cache"...
> I [30/Jan/2016:15:12:04 -0700] Saving job cache file 
> "/var/cache/cups/job.cache"...
> I [30/Jan/2016:15:12:04 -0700] Saving job cache file 
> "/var/cache/cups/job.cache"...
> I [30/Jan/2016:15:12:33 -0700] Started "/usr/lib/cups/cgi-bin/admin.cgi"
> (pid=87331)
> I [30/Jan/2016:15:12:33 -0700] Started "/usr/lib/cups/cgi-bin/admin.cgi"
> (pid=87332)
> I [30/Jan/2016:15:12:33 -0700] Started "/usr/lib/cups/cgi-bin/admin.cgi"
> (pid=87333)
> 
> ***Crash sometime here***
> 
> I [30/Jan/2016:17:31:25 -0700] Listening to 0.0.0.0:631 (IPv4) I 
> [30/Jan/2016:17:31:25 -0700] Listening to [v1.::]:631 (IPv6) I 
> [30/Jan/2016:17:31:25 -0700] Listening to /var/run/cups/cups.sock 
> (Domain) W [30/Jan/2016:17:31:25 -0700] No limit for CUPS-Get-Document 
> defined in policy default - using Send-Document's policy I 
> [30/Jan/2016:17:31:25 -0700] Remote access is enabled.
> 
> Here is another instance that shows a login to the interface as well 
> as some "Bad URI" calls:
> 
> I [29/Jan/2016:13:06:08 -0500] Saving job cache file 
> "/var/cache/cups/job.cache"...
> I [29/Jan/2016:13:06:09 -0500] Saving job cache file 
> "/var/cache/cups/job.cache"...
> I [29/Jan/2016:13:06:09 -0500] Saving job cache file 
> "/var/cache/cups/job.cache"...
> I [29/Jan/2016:13:06:20 -0500] Saving job cache file 
> "/var/cache/cups/job.cache"...
> I [29/Jan/2016:13:06:20 -0500] Saving job cache file 
> "/var/cache/cups/job.cache"...
> I [29/Jan/2016:13:06:29 -0500] Started "/usr/lib/cups/cgi-bin/admin.cgi"
> (pid=10554)
> I [29/Jan/2016:13:06:29 -0500] Started "/usr/lib/cups/cgi-bin/admin.cgi"
> (pid=10563)
> E [29/Jan/2016:13:06:29 -0500] Bad URI "%." in request!
> E [29/Jan/2016:13:06:29 -0500] Bad URI "%server.policy" in request!
> E [29/Jan/2016:13:06:29 -0500] Bad URI "%login-config.xml" in request!
> E [29/Jan/2016:13:06:29 -0500] Bad URI "%org/jboss/version.properties" 
> in request!
> E [29/Jan/2016:13:06:29 -0500] Bad URI "%org/jboss/version.properties" 
> in request!
> I [29/Jan/2016:13:06:29 -0500] Started "/usr/lib/cups/cgi-bin/admin.cgi"
> (pid=10609)
> I [29/Jan/2016:13:06:29 -0500] Started "/usr/lib/cups/cgi-bin/admin.cgi"
> (pid=10613)
> 
> ***Crash sometime here***
> 
> I [29/Jan/2016:14:39:01 -0500] Listening to 0.0.0.0:631 (IPv4) I 
> [29/Jan/2016:14:39:01 -0500] Listening to [v1.::]:631 (IPv6) I 
> [29/Jan/2016:14:39:01 -0500] Listening to /var/run/cups/cups.sock 
> (Domain)
> 
> Has anyone else seen something like this or know if this is corrected 
> in a later version?
> 



Got some more information on this after getting a core dump but still not
sure the exact cause.   Found the following stack from the core:

Thread 1 (Thread 0x7ff19ea7e7c0 (LWP 56718)):
#0  0x00007ff19c280625 in raise () from /lib64/libc.so.6
#1  0x00007ff19c281e05 in abort () from /lib64/libc.so.6
#2  0x00007ff19c2be537 in __libc_message () from /lib64/libc.so.6
#3  0x00007ff19c2c3f4e in malloc_printerr () from /lib64/libc.so.6
#4  0x00007ff19c2c6cf0 in _int_free () from /lib64/libc.so.6
#5  0x00007ff19eab04b3 in ?? ()
#6  0x00007ff19eae57d2 in ?? ()
#7  0x00007ff19eabfdea in main ()

Seems fairly generic but it does seem to be close to matching what Redhat reports here: https://access.redhat.com/solutions/1202283

However when looking at the errata I am having trouble finding any of the
cups.org bugs included that indicate they would cause a crash.   

Do we know which fix RedHat included to fix this crash and if it is included in 1.7.3 that we are working to validate?

Thank you,

Dylan Stewart



_______________________________________________
cups mailing list
cups at cups.org
https://www.cups.org/mailman/listinfo/cups

CONFIDENTIALITY NOTICE This message and any included attachments are from Cerner Corporation and are intended only for the addressee. The information contained in this message is confidential and may constitute inside or non-public information under international, federal, or state securities laws. Unauthorized forwarding, printing, copying, distribution, or use of such information is strictly prohibited and may be unlawful. If you are not the addressee, please promptly delete this message and notify the sender of the delivery error by e-mail or you may call Cerner's corporate offices in Kansas City, Missouri, U.S.A at (+1) (816)221-1024.

More information about the cups mailing list