Cups server can't listen - accept connections to 127.0.1.1 ( Bad request )

Bug #1086303 reported by zzecool
12
This bug affects 1 person
Affects Status Importance Assigned to Milestone
cups (Ubuntu)
Undecided
Unassigned

Bug Description

As we know ubuntu binds the following

127.0.0.1 localhost
127.0.1.1 hostname

We assume that my hostname is afterburner

Cups listens by default to localhost - 127.0.0.1 so if you try to access it using your hostname it fails so i proceed as follows

In the cupsd.conf

If i comment out the " port 631 " and add

Listen afterburner:631

im getting bad request when trying to open http://afterburner:631

The same is happening with the

Listen 127.0.1.1:631

All this happening when trying to access cups webpage form the pc that running the cups , if you try to access the cups server form a lan pc using the http://afterburner:631 it works even with the default config.

So my question is why using all the different configurations im not able to access cups webpages from the same pc using the hostname ?

http://afterburner:631

I can only access cups from the same pc using

http://127.0.0.1:631
http://localhost:631

when using the default cupsd.conf that listens to "port 631"

ProblemType: Bug
DistroRelease: Ubuntu 12.10
Package: cups 1.6.1-0ubuntu11
ProcVersionSignature: Ubuntu 3.5.0-19.30-generic 3.5.7
Uname: Linux 3.5.0-19-generic x86_64
NonfreeKernelModules: fglrx
ApportVersion: 2.6.1-0ubuntu7
Architecture: amd64
Date: Tue Dec 4 11:19:58 2012
InstallationDate: Installed on 2012-11-14 (19 days ago)
InstallationMedia: Ubuntu 12.10 "Quantal Quetzal" - Release amd64 (20121017.5)
Lpstat: Error: command ['lpstat', '-v'] failed with exit code 1: lpstat: No destinations added.
MachineType: System manufacturer System Product Name
MarkForUpload: True
Papersize: letter
ProcEnviron:
 TERM=xterm
 PATH=(custom, no user)
 LANG=en_US.UTF-8
 SHELL=/bin/bash
ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-3.5.0-19-generic root=UUID=c8a96c42-10b2-4661-9472-a89ba6ef74cb ro quiet splash vt.handoff=7
SourcePackage: cups
UpgradeStatus: No upgrade log present (probably fresh install)
dmi.bios.date: 12/30/2008
dmi.bios.vendor: American Megatrends Inc.
dmi.bios.version: 1601
dmi.board.asset.tag: To Be Filled By O.E.M.
dmi.board.name: Blitz Formula
dmi.board.vendor: ASUSTeK Computer INC.
dmi.board.version: Rev 1.xx
dmi.chassis.asset.tag: Asset-1234567890
dmi.chassis.type: 3
dmi.chassis.vendor: Chassis Manufacture
dmi.chassis.version: Chassis Version
dmi.modalias: dmi:bvnAmericanMegatrendsInc.:bvr1601:bd12/30/2008:svnSystemmanufacturer:pnSystemProductName:pvrSystemVersion:rvnASUSTeKComputerINC.:rnBlitzFormula:rvrRev1.xx:cvnChassisManufacture:ct3:cvrChassisVersion:
dmi.product.name: System Product Name
dmi.product.version: System Version
dmi.sys.vendor: System manufacturer
mtime.conffile..etc.cups.cupsd.conf: 2012-12-04T11:20:29.252332

CVE References

Revision history for this message
zzecool (zzecool) wrote :
zzecool (zzecool)
summary: - Cups server can't listen in any other ip than the default ( Bad
+ Cups server can't listen - accept connections to 127.0.1.1 ( Bad
request )
zzecool (zzecool)
description: updated
Revision history for this message
insaner (insaner) wrote :

I was about to file this same bug. After a few days of research, I found the following similar or related bug reports:

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=525910
https://bugs.launchpad.net/ubuntu/+source/cups/+bug/763755
https://answers.launchpad.net/ubuntu/+source/cupsys/+question/7880
http://thismightbehelpful.blogspot.ca/2008/09/remote-access-to-cups-web-interface.html

Note, the issue begins in 1.4.x versions of cups, <=1.3 should work fine, so a downgrade might be your desired course of action if that's a possibility for you.

None of the solutions provided in those helped. In case you find this via google, let me save you some time and enumerate them here:

-In cups.conf, add (or uncomment, or modify) a line at the end to read:
ServerAlias *

-In cups.conf, add (or uncomment, or modify) the entry for "<Location /admin>" to:
Allow from all
or
Allow from [some ip here]

-In cups.conf, add a line that reads:
Listen 192.168.1.1:631
or
Listen *:631
(or whatever port you want to use instead of 631)

(with the IP you want to allow access to)

The problem shows up as lines similar to the following in your cups error_log file:

E [23/Nov/2015:15:35:28 -0500] Request from "localhost" using invalid Host: field "cups_local_host:631"

The most relevant link was:

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=530027

which traces the problem to this patch:

https://bugzilla.redhat.com/attachment.cgi?id=335489
(direct link to msg: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=530027#56 )

Which was submitted to solve:

https://security-tracker.debian.org/tracker/CVE-2009-0164

So with that info, I downloaded the sources on my fedora (fc17) machine, modified them, rebuilt the packages and installed, and everything works now as (I) intended.

I have attached the patch I wrote which solves it for me,

WARNING: this might introduce some security issues (related to CVE-2009-0164), which I didn't delve too deeply to know whether they do or not.
So, USE AT YOUR OWN RISK.

Read this too:
http://www.cups.org/str.php?L3183

When running the patched version, you still need to have the proper Listen and ServerAlias entries, of course.

Revision history for this message
Ubuntu Foundations Team Bug Bot (crichton) wrote :

The attachment "cups-patch-for-bad-request.diff" seems to be a patch. If it isn't, please remove the "patch" flag from the attachment, remove the "patch" tag, and if you are a member of the ~ubuntu-reviewers, unsubscribe the team.

[This is an automated message performed by a Launchpad user owned by ~brian-murray, for any issues please contact him.]

tags: added: patch
Revision history for this message
Jamie Strandboge (jdstrand) wrote :

The apparmor denials have since been fixed. Removing the apparmor tag.

Revision history for this message
gf (gf-interlinks-deactivatedaccount) wrote :

Hello Zzecool,
Thank you for submitting this bug and reporting a problem with cups. You made this bug report some time ago and Ubuntu and cups have been updated since then.

Could you confirm that this is no longer a problem and that we can close the ticket?
If it is still a problem, are you still interested in finding a solution to this bug?
If you are, could you let us know and, in the current version, could you run the following (only once):
apport-collect 1086303
and upload the updated logs and and any other logs that are relevant for this particular issue.

Thank you again for helping make Ubuntu and cups better.
G

Changed in cups (Ubuntu):
status: New → Incomplete
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.