desktop-packages team mailing list archive

[insaner <1086303@xxxxxxxxxxxxxxxxxx>]

I was about to file this same bug. After a few days of research, I found
the following similar or related bug reports:

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=525910
https://bugs.launchpad.net/ubuntu/+source/cups/+bug/763755
https://answers.launchpad.net/ubuntu/+source/cupsys/+question/7880
http://thismightbehelpful.blogspot.ca/2008/09/remote-access-to-cups-web-interface.html

Note, the issue begins in 1.4.x versions of cups, <=1.3 should work
fine, so a downgrade might be your desired course of action if that's a
possibility for you.

None of the solutions provided in those helped. In case you find this
via google, let me save you some time and enumerate them here:

-In cups.conf, add (or uncomment, or modify) a line at the end to read:
ServerAlias *

-In cups.conf, add (or uncomment, or modify) the entry for "<Location /admin>" to:
Allow from all
or
Allow from [some ip here]

-In cups.conf, add a line that reads:
Listen 192.168.1.1:631
or
Listen *:631
(or whatever port you want to use instead of 631)

(with the IP you want to allow access to)


The problem shows up as lines similar to the following in your cups error_log file:

E [23/Nov/2015:15:35:28 -0500] Request from "localhost" using invalid
Host: field "cups_local_host:631"


The most relevant link was:

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=530027

which traces the problem to this patch:

https://bugzilla.redhat.com/attachment.cgi?id=335489
(direct link to msg: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=530027#56 )

Which was submitted to solve:

https://security-tracker.debian.org/tracker/CVE-2009-0164

So with that info, I downloaded the sources on my fedora (fc17) machine,
modified them, rebuilt the packages and installed, and everything works
now as (I) intended.

I have attached the patch I wrote which solves it for me,

WARNING: this might introduce some security issues (related to CVE-2009-0164), which I didn't delve too deeply to know whether they do or not. 
So, USE AT YOUR OWN RISK. 

Read this too: 
http://www.cups.org/str.php?L3183


When running the patched version, you still need to have the proper Listen and ServerAlias entries, of course.

** Bug watch added: Debian Bug tracker #525910
   http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=525910

** Bug watch added: Debian Bug tracker #530027
   http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=530027

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2009-0164

** Patch added: "cups-patch-for-bad-request.diff"
   https://bugs.launchpad.net/ubuntu/+source/cups/+bug/1086303/+attachment/4524379/+files/cups-patch-for-bad-request.diff

-- 
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to cups in Ubuntu.
https://bugs.launchpad.net/bugs/1086303

Title:
  Cups server can't listen - accept connections to 127.0.1.1  ( Bad
  request )

Status in cups package in Ubuntu:
  New

Bug description:
  As we know ubuntu binds the following

  127.0.0.1 localhost
  127.0.1.1 hostname

  We assume that my hostname  is afterburner

  Cups listens by default to localhost - 127.0.0.1  so if you try to
  access it using your hostname it fails so i proceed as follows

  In the cupsd.conf

  If i comment out the  " port 631 " and add

  Listen afterburner:631

  im getting bad request when trying to open http://afterburner:631

  The same is happening with the

  Listen 127.0.1.1:631

  All this happening when trying to access cups webpage form the pc that
  running the cups , if you try to access the cups server form a lan pc
  using the http://afterburner:631  it works even with the default
  config.

  So my question is  why using all the different configurations  im not
  able to access cups webpages from the same pc using the hostname ?

  http://afterburner:631

  I can only access cups from the same pc using

  http://127.0.0.1:631
  http://localhost:631

  when using the default cupsd.conf that listens to "port 631"

  ProblemType: Bug
  DistroRelease: Ubuntu 12.10
  Package: cups 1.6.1-0ubuntu11
  ProcVersionSignature: Ubuntu 3.5.0-19.30-generic 3.5.7
  Uname: Linux 3.5.0-19-generic x86_64
  NonfreeKernelModules: fglrx
  ApportVersion: 2.6.1-0ubuntu7
  Architecture: amd64
  Date: Tue Dec  4 11:19:58 2012
  InstallationDate: Installed on 2012-11-14 (19 days ago)
  InstallationMedia: Ubuntu 12.10 "Quantal Quetzal" - Release amd64 (20121017.5)
  Lpstat: Error: command ['lpstat', '-v'] failed with exit code 1: lpstat: No destinations added.
  MachineType: System manufacturer System Product Name
  MarkForUpload: True
  Papersize: letter
  ProcEnviron:
   TERM=xterm
   PATH=(custom, no user)
   LANG=en_US.UTF-8
   SHELL=/bin/bash
  ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-3.5.0-19-generic root=UUID=c8a96c42-10b2-4661-9472-a89ba6ef74cb ro quiet splash vt.handoff=7
  SourcePackage: cups
  UpgradeStatus: No upgrade log present (probably fresh install)
  dmi.bios.date: 12/30/2008
  dmi.bios.vendor: American Megatrends Inc.
  dmi.bios.version: 1601
  dmi.board.asset.tag: To Be Filled By O.E.M.
  dmi.board.name: Blitz Formula
  dmi.board.vendor: ASUSTeK Computer INC.
  dmi.board.version: Rev 1.xx
  dmi.chassis.asset.tag: Asset-1234567890
  dmi.chassis.type: 3
  dmi.chassis.vendor: Chassis Manufacture
  dmi.chassis.version: Chassis Version
  dmi.modalias: dmi:bvnAmericanMegatrendsInc.:bvr1601:bd12/30/2008:svnSystemmanufacturer:pnSystemProductName:pvrSystemVersion:rvnASUSTeKComputerINC.:rnBlitzFormula:rvrRev1.xx:cvnChassisManufacture:ct3:cvrChassisVersion:
  dmi.product.name: System Product Name
  dmi.product.version: System Version
  dmi.sys.vendor: System manufacturer
  mtime.conffile..etc.cups.cupsd.conf: 2012-12-04T11:20:29.252332

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/cups/+bug/1086303/+subscriptions