Attachment #187055 for bug #263070

Lines 153-159 Link Here

(-)cups-1.3.9/cups/http-addr.c (-1 / +1 lines)
153	#endif /* AF_LOCAL */	153	#endif /* AF_LOCAL */
154		154
155	if (addr->addr.sa_family == AF_INET &&	155	if (addr->addr.sa_family == AF_INET &&
156	ntohl(addr->ipv4.sin_addr.s_addr) == 0x7f000001)	156	(ntohl(addr->ipv4.sin_addr.s_addr) & 0xff000000) == 0x7f000000)
157	return (1);	157	return (1);
158		158
159	return (0);	159	return (0);




HREF="#ServerName"><CODE>ServerName</CODE></A>.</P>


<H2 CLASS="title"><SPAN CLASS="info">CUPS 1.3.10</SPAN><A NAME="ServerAlias">ServerAlias</A></H2>

<H3>Examples</H3>

<PRE CLASS="command">
ServerAlias althost
ServerAlias althost.foo.com
ServerAlias althost.bar.com
ServerAlias *
</PRE>

<H3>Description</H3>

<P>The <CODE>ServerAlias</CODE> directive specifies alternate names that the
server is known by. By default it contains a list of all aliases associated
with the <A HREF="#ServerName"><CODE>ServerName</CODE></A>. The special name
"*" can be used to allow any hostname when accessing CUPS via an external
network interfaces.</P>

<BLOCKQUOTE><B>Note</B>

<P>The <CODE>ServerAlias</CODE> directive is used for HTTP Host header
validation when clients connect to the scheduler from external interfaces.
Using the special name "*" can expose your system to known browser-based
DNS rebinding attacks, even when accessing sites through a firewall. If the
auto-discovery of alternate names does not work, we recommend listing each
alternate name with a ServerAlias directive instead of using "*".</P>

</BLOCKQUOTE>


<H2 CLASS="title"><A NAME="ServerBin">ServerBin</A></H2>

<H3>Examples</H3>

Lines 12-18 Link Here

(-)cups-1.3.9/man/cupsd.conf.man.in (-1 / +6 lines)
12	.\" which should have been included with this file. If this file is	12	.\" which should have been included with this file. If this file is
13	.\" file is missing or damaged, see the license at "http://www.cups.org/".	13	.\" file is missing or damaged, see the license at "http://www.cups.org/".
14	.\"	14	.\"
15	.TH cupsd.conf 5 "Common UNIX Printing System" "16 June 2008" "Apple Inc."	15	.TH cupsd.conf 5 "Common UNIX Printing System" "1 April 2009" "Apple Inc."
16	.SH NAME	16	.SH NAME
17	cupsd.conf \- server configuration file for cups	17	cupsd.conf \- server configuration file for cups
18	.SH DESCRIPTION	18	.SH DESCRIPTION
Lines 540-545 Link Here
540	.br	540	.br
541	Specifies the email address of the server administrator.	541	Specifies the email address of the server administrator.
542	.TP 5	542	.TP 5
		543	ServerAlias hostname
		544	.br
		545	Specifies an alternate name that the server is known by. The special name "*"
		546	allows any name to be used.
		547	.TP 5
543	ServerBin directory	548	ServerBin directory
544	.br	549	.br
545	Specifies the directory where backends, CGIs, daemons, and filters may	550	Specifies the directory where backends, CGIs, daemons, and filters may




#endif /* HAVE_SSL */
static int		pipe_command(cupsd_client_t *con, int infile, int *outfile,
			             char *command, char *options, int root);
static int		valid_host(cupsd_client_t *con);
static int		write_file(cupsd_client_t *con, http_status_t code,
		        	   char *filename, char *type,
				   struct stat *filestats);

    * Map accesses from the same host to the server name.
    */

    if (HostNameLookups)
      if (httpAddrEqual(con->http.hostaddr, &(addr->addr)))
        break;

    if (addr)
    {
      strlcpy(con->http.hostname, ServerName, sizeof(con->http.hostname));
      hostname = con->http.hostname;
    }
    else if (HostNameLookups)
      hostname = httpAddrLookup(con->http.hostaddr, con->http.hostname,
                                sizeof(con->http.hostname));
    else

	return;
      }
    }
    else if (!valid_host(con))
    {
     /*
      * Access to localhost must use "localhost" or the corresponding IPv4
      * or IPv6 values in the Host: field.
      */

      cupsdLogMessage(CUPSD_LOG_WARN,
                      "Request from \"%s\" using invalid Host: field \"%s\"",
		      con->http.hostname, con->http.fields[HTTP_FIELD_HOST]);

      if (!cupsdSendError(con, HTTP_BAD_REQUEST, CUPSD_AUTH_NONE))
      {
	cupsdCloseClient(con);
	return;
      }
    }
    else if (con->operation == HTTP_OPTIONS)
    {
     /*



/*
 * 'valid_host()' - Is the Host: field valid?
 */

static int				/* O - 1 if valid, 0 if not */
valid_host(cupsd_client_t *con)		/* I - Client connection */
{
  cupsd_alias_t	*a;			/* Current alias */
  cupsd_netif_t	*netif;			/* Current network interface */
  const char	*host,			/* Host field */
		*end;			/* End character */


  host = con->http.fields[HTTP_FIELD_HOST];

  if (httpAddrLocalhost(con->http.hostaddr))
  {
   /*
    * Only allow "localhost" or the equivalent IPv4 or IPv6 numerical
    * addresses when accessing CUPS via the loopback interface...
    */

    return (!strcasecmp(host, "localhost") ||
            !strncasecmp(host, "localhost:", 10) ||
	    !strcasecmp(host, "localhost.") ||
            !strncasecmp(host, "localhost.:", 11) ||
#ifdef __linux
	    !strcasecmp(host, "localhost.localdomain") ||
            !strncasecmp(host, "localhost.localdomain:", 22) ||
#endif /* __linux */
            !strcmp(host, "127.0.0.1") ||
	    !strncmp(host, "127.0.0.1:", 10) ||
	    !strcmp(host, "[::1]") ||
	    !strncmp(host, "[::1]:", 6));
  }

#ifdef HAVE_DNSSD
 /*
  * Check if the hostname is something.local (Bonjour); if so, allow it.
  */

  if ((end = strrchr(host, '.')) != NULL &&
      (!strcasecmp(end, ".local") || !strncasecmp(end, ".local:", 7)))
    return (1);
#endif /* HAVE_DNSSD */

 /*
  * Check for (alias) name matches...
  */

  for (a = (cupsd_alias_t *)cupsArrayFirst(ServerAlias);
       a;
       a = (cupsd_alias_t *)cupsArrayNext(ServerAlias))
  {
   /*
    * "ServerAlias *" allows all host values through...
    */

    if (!strcmp(a->name, "*"))
      return (1);

    if (!strncasecmp(host, a->name, a->namelen))
    {
     /*
      * Prefix matches; check the character at the end - it must be either
      * ":" or nul...
      */

      end = host + a->namelen;

      if (!*end || *end == ':')
        return (1);
    }
  }

 /*
  * Check for interface hostname matches...
  */

  for (netif = (cupsd_netif_t *)cupsArrayFirst(NetIFList);
       netif;
       netif = (cupsd_netif_t *)cupsArrayNext(NetIFList))
  {
    if (!strncasecmp(host, netif->hostname, netif->hostlen))
    {
     /*
      * Prefix matches; check the character at the end - it must be either
      * ":" or nul...
      */

      end = host + netif->hostlen;

      if (!*end || *end == ':')
        return (1);
    }
  }

 /*
  * Check if the hostname is an IP address...
  */

  if (isdigit(*host & 255) || *host == '[')
  {
   /*
    * Possible IPv4/IPv6 address...
    */

    char	temp[1024],		/* Temporary string */
		*ptr;			/* Pointer into temporary string */
    http_addrlist_t *addrlist;		/* List of addresses */


    strlcpy(temp, host, sizeof(temp));
    if ((ptr = strrchr(temp, ':')) != NULL && !strchr(ptr, ']'))
      *ptr = '\0';			/* Strip :port from host value */

    if ((addrlist = httpAddrGetList(temp, AF_UNSPEC, NULL)) != NULL)
    {
     /*
      * Good IPv4/IPv6 address...
      */

      httpAddrFreeList(addrlist);
      return (1);
    }
  }

  return (0);
}


/*
 * 'write_file()' - Send a file via HTTP.
 */


Lines 95-102 Link Here

(-)cups-1.3.9/scheduler/client.h (-2 lines)
95	/* Time when listening was paused */	95	/* Time when listening was paused */
96	VAR cups_array_t *Clients VALUE(NULL);	96	VAR cups_array_t *Clients VALUE(NULL);
97	/* HTTP clients */	97	/* HTTP clients */
98	VAR http_addrlist_t *ServerAddrs VALUE(NULL);
99	/* Server address(es) */
100	VAR char *ServerHeader VALUE(NULL);	98	VAR char *ServerHeader VALUE(NULL);
101	/* Server header in requests */	99	/* Server header in requests */
102	VAR int CGIPipes[2] VALUE2(-1,-1);	100	VAR int CGIPipes[2] VALUE2(-1,-1);

Lines 187-192 Link Here

(-)cups-1.3.9/scheduler/conf.c (-3 / +116 lines)
187	/*	187	/*
188	* Local functions...	188	* Local functions...
189	*/	189	*/
		190
		191	static void add_alias(const char *name);
		192	static void free_aliases(void);
190	static http_addrlist_t get_address(const char value, int defport);	193	static http_addrlist_t get_address(const char value, int defport);
191	static int get_addr_and_mask(const char value, unsigned ip,	194	static int get_addr_and_mask(const char value, unsigned ip,
192	unsigned *mask);	195	unsigned *mask);
Lines 254-260 Link Here
254	return (-1);	257	return (-1);
255	}	258	}
256		259
257	dir_created = 1;	260	dir_created = 1;
		261	fileinfo.st_mode = mode \| S_IFDIR;
258	}	262	}
259	else	263	else
260	return (create_dir ? -1 : 1);	264	return (create_dir ? -1 : 1);
Lines 413-424 Link Here
413		417
414	cupsdDeleteAllListeners();	418	cupsdDeleteAllListeners();
415		419
		420	RemoteAccessEnabled = 0;
		421
416	/*	422	/*
417	* String options...	423	* String options...
418	*/	424	*/
419		425
420	cupsdSetString(&ServerName, httpGetHostname(NULL, temp, sizeof(temp)));	426	free_aliases();
421	cupsdSetStringf(&ServerAdmin, "root@%s", temp);	427
		428	cupsdClearString(&ServerName);
		429	cupsdClearString(&ServerAdmin);
422	cupsdSetString(&ServerBin, CUPS_SERVERBIN);	430	cupsdSetString(&ServerBin, CUPS_SERVERBIN);
423	cupsdSetString(&RequestRoot, CUPS_REQUESTS);	431	cupsdSetString(&RequestRoot, CUPS_REQUESTS);
424	cupsdSetString(&CacheDir, CUPS_CACHEDIR);	432	cupsdSetString(&CacheDir, CUPS_CACHEDIR);
Lines 626-640 Link Here
626		634
627	RunUser = getuid();	635	RunUser = getuid();
628		636
		637	cupsdLogMessage(CUPSD_LOG_INFO, "Remote access is %s.",
		638	RemoteAccessEnabled ? "enabled" : "disabled");
		639
629	/*	640	/*
630	* See if the ServerName is an IP address...	641	* See if the ServerName is an IP address...
631	*/	642	*/
632		643
		644	if (!ServerName)
		645	{
		646	if (gethostname(temp, sizeof(temp)))
		647	{
		648	cupsdLogMessage(CUPSD_LOG_ERROR, "Unable to get hostname: %s",
		649	strerror(errno));
		650	strlcpy(temp, "localhost", sizeof(temp));
		651	}
		652
		653	cupsdSetString(&ServerName, temp);
		654	add_alias(temp);
		655
		656	if (HostNameLookups \|\| RemoteAccessEnabled)
		657	{
		658	struct hostent host; / Host entry to get FQDN */
		659
		660	if ((host = gethostbyname(temp)) != NULL)
		661	{
		662	if (strcasecmp(temp, host->h_name))
		663	{
		664	cupsdSetString(&ServerName, host->h_name);
		665	add_alias(host->h_name);
		666	}
		667
		668	if (host->h_aliases)
		669	{
		670	for (i = 0; host->h_aliases[i]; i ++)
		671	if (strcasecmp(temp, host->h_aliases[i]))
		672	add_alias(host->h_aliases[i]);
		673	}
		674	}
		675	}
		676
		677	/*
		678	* Make sure we have the base hostname added as an alias, too!
		679	*/
		680
		681	if ((slash = strchr(temp, '.')) != NULL)
		682	{
		683	*slash = '\0';
		684	add_alias(temp);
		685	}
		686	}
		687
633	for (slash = ServerName; isdigit(slash & 255) \|\| slash == '.'; slash ++);	688	for (slash = ServerName; isdigit(slash & 255) \|\| slash == '.'; slash ++);
634		689
635	ServerNameIsIP = !*slash;	690	ServerNameIsIP = !*slash;
636		691
637	/*	692	/*
		693	* Make sure ServerAdmin is initialized...
		694	*/
		695
		696	if (!ServerAdmin)
		697	cupsdSetStringf(&ServerAdmin, "root@%s", ServerName);
		698
		699	/*
638	* Use the default system group if none was supplied in cupsd.conf...	700	* Use the default system group if none was supplied in cupsd.conf...
639	*/	701	*/
640		702
Lines 1246-1251 Link Here
1246		1308
1247		1309
1248	/*	1310	/*
		1311	* 'add_alias()' - Add a ServerAlias.
		1312	*/
		1313
		1314	static void
		1315	add_alias(const char name) / I - Name to add */
		1316	{
		1317	cupsd_alias_t a; / New alias */
		1318	size_t namelen; /* Length of name */
		1319
		1320
		1321	namelen = strlen(name);
		1322
		1323	if ((a = (cupsd_alias_t *)malloc(sizeof(cupsd_alias_t) + namelen)) == NULL)
		1324	return;
		1325
		1326	if (!ServerAlias)
		1327	ServerAlias = cupsArrayNew(NULL, NULL);
		1328
		1329	a->namelen = namelen;
		1330	strcpy(a->name, name); /* OK since a->name is allocated */
		1331
		1332	cupsArrayAdd(ServerAlias, a);
		1333	}
		1334
		1335
		1336	/*
		1337	* 'free_aliases()' - Free all of the ServerAlias entries.
		1338	*/
		1339
		1340	static void
		1341	free_aliases(void)
		1342	{
		1343	cupsd_alias_t a; / Current alias */
		1344
		1345
		1346	for (a = (cupsd_alias_t *)cupsArrayFirst(ServerAlias);
		1347	a;
		1348	a = (cupsd_alias_t *)cupsArrayNext(ServerAlias))
		1349	free(a);
		1350
		1351	cupsArrayDelete(ServerAlias);
		1352	ServerAlias = NULL;
		1353	}
		1354
		1355
		1356	/*
1249	* 'get_address()' - Get an address + port number from a line.	1357	* 'get_address()' - Get an address + port number from a line.
1250	*/	1358	*/
1251		1359
Lines 2246-2251 Link Here
2246	#endif /* AF_LOCAL */	2354	#endif /* AF_LOCAL */
2247	cupsdLogMessage(CUPSD_LOG_INFO, "Listening to %s:%d (IPv4)", temp,	2355	cupsdLogMessage(CUPSD_LOG_INFO, "Listening to %s:%d (IPv4)", temp,
2248	ntohs(lis->address.ipv4.sin_port));	2356	ntohs(lis->address.ipv4.sin_port));
		2357
		2358	if (!httpAddrLocalhost(&(lis->address)))
		2359	RemoteAccessEnabled = 1;
2249	}	2360	}
2250		2361
2251	/*	2362	/*
Lines 2977-2982 Link Here
2977	break;	3088	break;
2978	}	3089	}
2979	}	3090	}
		3091	else if (!strcasecmp(line, "ServerAlias") && value)
		3092	add_alias(value);
2980	else if (!strcasecmp(line, "SetEnv") && value)	3093	else if (!strcasecmp(line, "SetEnv") && value)
2981	{	3094	{
2982	/*	3095	/*

Lines 46-51 Link Here

(-)cups-1.3.9/scheduler/conf.h (-1 / +17 lines)
46		46
47		47
48	/*	48	/*
		49	* ServerAlias data...
		50	*/
		51
		52	typedef struct
		53	{
		54	size_t namelen; /* Length of alias name */
		55	char name[1]; /* Alias name */
		56	} cupsd_alias_t;
		57
		58
		59	/*
49	* Globals...	60	* Globals...
50	*/	61	*/
51		62
Lines 65-71 Link Here
65	/* Directory for request files */	76	/* Directory for request files */
66	*DocumentRoot VALUE(NULL);	77	*DocumentRoot VALUE(NULL);
67	/* Root directory for documents */	78	/* Root directory for documents */
68	VAR int ServerNameIsIP VALUE(0);	79	VAR cups_array_t *ServerAlias VALUE(NULL);
		80	/* Alias names for server */
		81	VAR int RemoteAccessEnabled VALUE(0),
		82	/* Are we listening on non-local addresses? */
		83	ServerNameIsIP VALUE(0);
		84	/* Is the ServerName an IP address? */
69	VAR int NumSystemGroups VALUE(0);	85	VAR int NumSystemGroups VALUE(0);
70	/* Number of system group names */	86	/* Number of system group names */
71	VAR char *SystemGroups[MAX_SYSTEM_GROUPS]	87	VAR char *SystemGroups[MAX_SYSTEM_GROUPS]




                  cupsArrayCount(Listeners));

 /*
  * Get the server's IP address...
  */

  if (ServerAddrs)
    httpAddrFreeList(ServerAddrs);

  if ((ServerAddrs = httpAddrGetList(ServerName, AF_UNSPEC, NULL)) == NULL)
    cupsdLogMessage(CUPSD_LOG_ERROR,
                    "Unable to find IP address for server name \"%s\"!\n",
		    ServerName);

 /*
  * Setup socket listeners...
  */





  cupsd_netif_t		*temp;		/* New interface */
  struct ifaddrs	*addrs,		/* Interface address list */
			*addr;		/* Current interface address */
  http_addrlist_t	*saddr;		/* Current server address */
  char			hostname[1024];	/* Hostname for address */
  size_t		hostlen;	/* Length of hostname */


 /*

    * Try looking up the hostname for the address as needed...
    */

    if (HostNameLookups || RemoteAccessEnabled)
      httpAddrLookup((http_addr_t *)(addr->ifa_addr), hostname,
                     sizeof(hostname));
    else

      if (httpAddrLocalhost((http_addr_t *)(addr->ifa_addr)))
        strcpy(hostname, "localhost");
      else
	httpAddrString((http_addr_t *)(addr->ifa_addr), hostname,
		       sizeof(hostname));
	  if (httpAddrEqual((http_addr_t *)(addr->ifa_addr), &(saddr->addr)))
	    break;

	if (saddr)
          strlcpy(hostname, ServerName, sizeof(hostname));
	else
          httpAddrString((http_addr_t *)(addr->ifa_addr), hostname,
	        	 sizeof(hostname));
      }
    }

   /*
    * Create a new address element...
    */

    hostlen = strlen(hostname);
    if ((temp = calloc(1, sizeof(cupsd_netif_t) + hostlen)) == NULL)
      break;

   /*

    */

    strlcpy(temp->name, addr->ifa_name, sizeof(temp->name));
    temp->hostlen = hostlen;
    strcpy(temp->hostname, hostname);	/* Safe because hostname is allocated */

    if (addr->ifa_addr->sa_family == AF_INET)

Lines 25-30 Link Here

(-)cups-1.3.9/scheduler/network.h (+1 lines)
25	http_addr_t address, /* Network address */	25	http_addr_t address, /* Network address */
26	mask, /* Network mask */	26	mask, /* Network mask */
27	broadcast; /* Broadcast address */	27	broadcast; /* Broadcast address */
		28	size_t hostlen; /* Length of hostname */
28	char name[32], /* Network interface name */	29	char name[32], /* Network interface name */
29	hostname[1]; /* Hostname associated with interface */	30	hostname[1]; /* Hostname associated with interface */
30	} cupsd_netif_t;	31	} cupsd_netif_t;

Return to bug 263070

Lines 2477-2482 Link Here

(-)cups-1.3.9/doc/help/ref-cupsd-conf.html.in (+31 lines)
2477	HREF="#ServerName"><CODE>ServerName</CODE></A>.</P>	2477	HREF="#ServerName"><CODE>ServerName</CODE></A>.</P>
2478		2478
2479		2479
		2480	<H2 CLASS="title"><SPAN CLASS="info">CUPS 1.3.10</SPAN><A NAME="ServerAlias">ServerAlias</A></H2>
		2481
		2482	<H3>Examples</H3>
		2483
		2484	<PRE CLASS="command">
		2485	ServerAlias althost
		2486	ServerAlias althost.foo.com
		2487	ServerAlias althost.bar.com
		2488	ServerAlias *
		2489	</PRE>
		2490
		2491	<H3>Description</H3>
		2492
		2493	<P>The <CODE>ServerAlias</CODE> directive specifies alternate names that the
		2494	server is known by. By default it contains a list of all aliases associated
		2495	with the <A HREF="#ServerName"><CODE>ServerName</CODE></A>. The special name
		2496	"*" can be used to allow any hostname when accessing CUPS via an external
		2497	network interfaces.</P>
		2498
		2499	<BLOCKQUOTE><B>Note</B>
		2500
		2501	<P>The <CODE>ServerAlias</CODE> directive is used for HTTP Host header
		2502	validation when clients connect to the scheduler from external interfaces.
		2503	Using the special name "*" can expose your system to known browser-based
		2504	DNS rebinding attacks, even when accessing sites through a firewall. If the
		2505	auto-discovery of alternate names does not work, we recommend listing each
		2506	alternate name with a ServerAlias directive instead of using "*".</P>
		2507
		2508	</BLOCKQUOTE>
		2509
		2510
2480	<H2 CLASS="title"><A NAME="ServerBin">ServerBin</A></H2>	2511	<H2 CLASS="title"><A NAME="ServerBin">ServerBin</A></H2>
2481		2512
2482	<H3>Examples</H3>	2513	<H3>Examples</H3>

Lines 102-107 Link Here

(-)cups-1.3.9/scheduler/client.c (-10 / +150 lines)
102	#endif /* HAVE_SSL */	102	#endif /* HAVE_SSL */
103	static int pipe_command(cupsd_client_t con, int infile, int outfile,	103	static int pipe_command(cupsd_client_t con, int infile, int outfile,
104	char command, char options, int root);	104	char command, char options, int root);
		105	static int valid_host(cupsd_client_t *con);
105	static int write_file(cupsd_client_t *con, http_status_t code,	106	static int write_file(cupsd_client_t *con, http_status_t code,
106	char filename, char type,	107	char filename, char type,
107	struct stat *filestats);	108	struct stat *filestats);
Lines 261-276 Link Here
261	* Map accesses from the same host to the server name.	262	* Map accesses from the same host to the server name.
262	*/	263	*/
263		264
264	for (addr = ServerAddrs; addr; addr = addr->next)	265	if (HostNameLookups)
265	if (httpAddrEqual(con->http.hostaddr, &(addr->addr)))
266	break;
267
268	if (addr)
269	{
270	strlcpy(con->http.hostname, ServerName, sizeof(con->http.hostname));
271	hostname = con->http.hostname;
272	}
273	else if (HostNameLookups)
274	hostname = httpAddrLookup(con->http.hostaddr, con->http.hostname,	266	hostname = httpAddrLookup(con->http.hostaddr, con->http.hostname,
275	sizeof(con->http.hostname));	267	sizeof(con->http.hostname));
276	else	268	else
Lines 1078-1083 Link Here
1078	return;	1070	return;
1079	}	1071	}
1080	}	1072	}
		1073	else if (!valid_host(con))
		1074	{
		1075	/*
		1076	* Access to localhost must use "localhost" or the corresponding IPv4
		1077	* or IPv6 values in the Host: field.
		1078	*/
		1079
		1080	cupsdLogMessage(CUPSD_LOG_WARN,
		1081	"Request from \"%s\" using invalid Host: field \"%s\"",
		1082	con->http.hostname, con->http.fields[HTTP_FIELD_HOST]);
		1083
		1084	if (!cupsdSendError(con, HTTP_BAD_REQUEST, CUPSD_AUTH_NONE))
		1085	{
		1086	cupsdCloseClient(con);
		1087	return;
		1088	}
		1089	}
1081	else if (con->operation == HTTP_OPTIONS)	1090	else if (con->operation == HTTP_OPTIONS)
1082	{	1091	{
1083	/*	1092	/*
Lines 4805-4810 Link Here
4805		4814
4806		4815
4807	/*	4816	/*
		4817	* 'valid_host()' - Is the Host: field valid?
		4818	*/
		4819
		4820	static int /* O - 1 if valid, 0 if not */
		4821	valid_host(cupsd_client_t con) / I - Client connection */
		4822	{
		4823	cupsd_alias_t a; / Current alias */
		4824	cupsd_netif_t netif; / Current network interface */
		4825	const char host, / Host field */
		4826	end; / End character */
		4827
		4828
		4829	host = con->http.fields[HTTP_FIELD_HOST];
		4830
		4831	if (httpAddrLocalhost(con->http.hostaddr))
		4832	{
		4833	/*
		4834	* Only allow "localhost" or the equivalent IPv4 or IPv6 numerical
		4835	* addresses when accessing CUPS via the loopback interface...
		4836	*/
		4837
		4838	return (!strcasecmp(host, "localhost") \|\|
		4839	!strncasecmp(host, "localhost:", 10) \|\|
		4840	!strcasecmp(host, "localhost.") \|\|
		4841	!strncasecmp(host, "localhost.:", 11) \|\|
		4842	#ifdef __linux
		4843	!strcasecmp(host, "localhost.localdomain") \|\|
		4844	!strncasecmp(host, "localhost.localdomain:", 22) \|\|
		4845	#endif /* __linux */
		4846	!strcmp(host, "127.0.0.1") \|\|
		4847	!strncmp(host, "127.0.0.1:", 10) \|\|
		4848	!strcmp(host, "[::1]") \|\|
		4849	!strncmp(host, "[::1]:", 6));
		4850	}
		4851
		4852	#ifdef HAVE_DNSSD
		4853	/*
		4854	* Check if the hostname is something.local (Bonjour); if so, allow it.
		4855	*/
		4856
		4857	if ((end = strrchr(host, '.')) != NULL &&
		4858	(!strcasecmp(end, ".local") \|\| !strncasecmp(end, ".local:", 7)))
		4859	return (1);
		4860	#endif /* HAVE_DNSSD */
		4861
		4862	/*
		4863	* Check for (alias) name matches...
		4864	*/
		4865
		4866	for (a = (cupsd_alias_t *)cupsArrayFirst(ServerAlias);
		4867	a;
		4868	a = (cupsd_alias_t *)cupsArrayNext(ServerAlias))
		4869	{
		4870	/*
		4871	* "ServerAlias *" allows all host values through...
		4872	*/
		4873
		4874	if (!strcmp(a->name, "*"))
		4875	return (1);
		4876
		4877	if (!strncasecmp(host, a->name, a->namelen))
		4878	{
		4879	/*
		4880	* Prefix matches; check the character at the end - it must be either
4881	* ":" or nul...
4882	*/
4883
4884	end = host + a->namelen;
4885
4886	if (!end \|\| end == ':')
4887	return (1);
4888	}
4889	}
4890
4891	/*
4892	* Check for interface hostname matches...
4893	*/
4894
4895	for (netif = (cupsd_netif_t *)cupsArrayFirst(NetIFList);
4896	netif;
4897	netif = (cupsd_netif_t *)cupsArrayNext(NetIFList))
4898	{
4899	if (!strncasecmp(host, netif->hostname, netif->hostlen))
4900	{
4901	/*
4902	* Prefix matches; check the character at the end - it must be either
4903	* ":" or nul...
4904	*/
4905
4906	end = host + netif->hostlen;
4907
4908	if (!end \|\| end == ':')
4909	return (1);
4910	}
4911	}
4912
4913	/*
4914	* Check if the hostname is an IP address...
4915	*/
4916
4917	if (isdigit(host & 255) \|\| host == '[')
4918	{
4919	/*
4920	* Possible IPv4/IPv6 address...
4921	*/
4922
4923	char temp[1024], /* Temporary string */
4924	ptr; / Pointer into temporary string */
4925	http_addrlist_t addrlist; / List of addresses */
4926
4927
4928	strlcpy(temp, host, sizeof(temp));
4929	if ((ptr = strrchr(temp, ':')) != NULL && !strchr(ptr, ']'))
4930	ptr = '\0'; / Strip :port from host value */
4931
4932	if ((addrlist = httpAddrGetList(temp, AF_UNSPEC, NULL)) != NULL)
4933	{
4934	/*
4935	* Good IPv4/IPv6 address...
4936	*/
4937
4938	httpAddrFreeList(addrlist);
4939	return (1);
4940	}
4941	}
4942
4943	return (0);
4944	}
4945
4946
4947	/*
4808	* 'write_file()' - Send a file via HTTP.	4948	* 'write_file()' - Send a file via HTTP.
4809	*/	4949	*/
4810		4950

Lines 143-160 Link Here

(-)cups-1.3.9/scheduler/listen.c (-12 lines)
143	cupsArrayCount(Listeners));	143	cupsArrayCount(Listeners));
144		144
145	/*	145	/*
146	* Get the server's IP address...
147	*/
148
149	if (ServerAddrs)
150	httpAddrFreeList(ServerAddrs);
151
152	if ((ServerAddrs = httpAddrGetList(ServerName, AF_UNSPEC, NULL)) == NULL)
153	cupsdLogMessage(CUPSD_LOG_ERROR,
154	"Unable to find IP address for server name \"%s\"!\n",
155	ServerName);
156
157	/*
158	* Setup socket listeners...	146	* Setup socket listeners...
159	*/	147	*/
160		148

Lines 100-107 Link Here

(-)cups-1.3.9/scheduler/network.c (-15 / +7 lines)
100	cupsd_netif_t temp; / New interface */	100	cupsd_netif_t temp; / New interface */
101	struct ifaddrs addrs, / Interface address list */	101	struct ifaddrs addrs, / Interface address list */
102	addr; / Current interface address */	102	addr; / Current interface address */
103	http_addrlist_t saddr; / Current server address */
104	char hostname[1024]; /* Hostname for address */	103	char hostname[1024]; /* Hostname for address */
		104	size_t hostlen; /* Length of hostname */
105		105
106		106
107	/*	107	/*
Lines 155-161 Link Here
155	* Try looking up the hostname for the address as needed...	155	* Try looking up the hostname for the address as needed...
156	*/	156	*/
157		157
158	if (HostNameLookups)	158	if (HostNameLookups \|\| RemoteAccessEnabled)
159	httpAddrLookup((http_addr_t *)(addr->ifa_addr), hostname,	159	httpAddrLookup((http_addr_t *)(addr->ifa_addr), hostname,
160	sizeof(hostname));	160	sizeof(hostname));
161	else	161	else
Lines 169-193 Link Here
169	if (httpAddrLocalhost((http_addr_t *)(addr->ifa_addr)))	169	if (httpAddrLocalhost((http_addr_t *)(addr->ifa_addr)))
170	strcpy(hostname, "localhost");	170	strcpy(hostname, "localhost");
171	else	171	else
172	{	172	httpAddrString((http_addr_t *)(addr->ifa_addr), hostname,
173	for (saddr = ServerAddrs; saddr; saddr = saddr->next)	173	sizeof(hostname));
174	if (httpAddrEqual((http_addr_t *)(addr->ifa_addr), &(saddr->addr)))
175	break;
176
177	if (saddr)
178	strlcpy(hostname, ServerName, sizeof(hostname));
179	else
180	httpAddrString((http_addr_t *)(addr->ifa_addr), hostname,
181	sizeof(hostname));
182	}
183	}	174	}
184		175
185	/*	176	/*
186	* Create a new address element...	177	* Create a new address element...
187	*/	178	*/
188		179
189	if ((temp = calloc(1, sizeof(cupsd_netif_t) +	180	hostlen = strlen(hostname);
190	strlen(hostname))) == NULL)	181	if ((temp = calloc(1, sizeof(cupsd_netif_t) + hostlen)) == NULL)
191	break;	182	break;
192		183
193	/*	184	/*
Lines 195-200 Link Here
195	*/	186	*/
196		187
197	strlcpy(temp->name, addr->ifa_name, sizeof(temp->name));	188	strlcpy(temp->name, addr->ifa_name, sizeof(temp->name));
		189	temp->hostlen = hostlen;
198	strcpy(temp->hostname, hostname); /* Safe because hostname is allocated */	190	strcpy(temp->hostname, hostname); /* Safe because hostname is allocated */
199		191
200	if (addr->ifa_addr->sa_family == AF_INET)	192	if (addr->ifa_addr->sa_family == AF_INET)