Bug 137955

Summary: CUPS ignores Listen directive for UDP port
Product: [Fedora] Fedora Reporter: Albert Strasheim <13640887>
Component: cupsAssignee: Tim Waugh <twaugh>
Status: CLOSED UPSTREAM QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: 2   
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2004-11-03 10:47:42 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Albert Strasheim 2004-11-03 06:22:08 UTC 
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.7.3)
Gecko/20041026 Firefox/1.0RC1

Description of problem:
I configured my printer with system-config-printer. It added the
following lines to /etc/cups/cupsd.conf:

<Location /printers/hp4plus>
Order Deny,Allow
Deny From All
Allow From 127.0.0.1
AuthType None
</Location>
<Location />
Order Deny,Allow
Deny From All
Allow From 127.0.0.1
</Location>
Browsing On
BrowseProtocols cups
BrowseOrder Deny,Allow
BrowseAllow from @LOCAL
Listen 127.0.0.1:631

The configuration file contains no other Listen or Port directives.

However, according to netstat:

tcp        0      0 127.0.0.1:631           0.0.0.0:*    LISTEN      
udp        0      0 0.0.0.0:631             0.0.0.0:*                
         

CUPS seems to be ignoring the Listen directive for its UDP port. I
don't know if this is related to browsing, but specifying a
BrowseAddress doesn't make a difference (CUPS still binds to all
interfaces). 

Version-Release number of selected component (if applicable):
cups-1.1.20-11.6

How reproducible:
Always

Steps to Reproduce:
1. Configure CUPS with system-config-printer.
2. netstat -na | grep 631
    

Actual Results:  CUPS TCP port listens to specified interface and
port, but UDP port listens to all interfaces on the specified port.

Expected Results:  CUPS should only listen on the specified interface.

Additional info:
Comment 1 Tim Waugh 2004-11-03 09:31:58 UTC 
The Listen directive is for IPP connections (i.e. TCP).  The
BrowseAllow/BrowseDeny directives are what you want.
Comment 2 Albert Strasheim 2004-11-03 10:21:30 UTC 
The CUPS UDP port listens on all interfaces regardless of the 
BrowseAllow and BrowseDeny directives. I don't think this is as 
secure as it can be.

CUPS should either use the Listen directive and listen on those 
interfaces for both TCP and UDP or figure out which interfaces to 
listen on using the Browse directives (probably tricky).
Comment 3 Tim Waugh 2004-11-03 10:47:42 UTC 
Tracking this upstream:

http://www.cups.org/str.php?L992