Bug 241400 - IPV6 addresses not accepted in "Allow From" directives
Summary: IPV6 addresses not accepted in "Allow From" directives
Alias: None
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: cups   
(Show other bugs)
Version: 5.0
Hardware: All
OS: Linux
Target Milestone: ---
: ---
Assignee: Tim Waugh
QA Contact:
Depends On:
TreeView+ depends on / blocked
Reported: 2007-05-25 18:27 UTC by Valdis Kletnieks
Modified: 2007-11-30 22:07 UTC (History)
0 users

Fixed In Version: RHSA-2007-1020
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2007-10-31 13:49:03 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
cups-ipv6-parse.patch (405 bytes, patch)
2007-05-29 13:14 UTC, Tim Waugh
no flags Details | Diff

External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2007:1020 normal SHIPPED_LIVE Important: cups security and bug fix update 2007-10-31 13:48:34 UTC
CUPS Bugs and Features 2117 None None None Never

Description Valdis Kletnieks 2007-05-25 18:27:05 UTC
Description of problem:
Trying to list an IPv6 network in the Allow From causes a 'Bad netmask value'
error message, and CUPS refuses to start up.

Version-Release number of selected component (if applicable):

How reproducible:
From my cupds.conf:

<Location />
Order Deny,Allow
Deny From All
Allow From
Allow From 198.82.*
Allow From 128.173.*
Allow From [2001:468:c80::]/48
Encryption Required
AuthClass Anonymous

Steps to Reproduce:
Actual results:
Seen in error_log:
d [25/May/2007:14:12:56 -0400] get_addr_and_mask(value="",
ip=[00000000:00000000:00000000:7f000001], mask=[ffffffff:ffffffff:ffffffff:ffffffff]
d [25/May/2007:14:12:56 -0400] cupsdAllowIP(loc=0x8fa5130(/),
address=0:0:0:7f000001, netmask=ffffffff:ffffffff:ffffffff:ffffffff)
d [25/May/2007:14:12:56 -0400] get_addr_and_mask(value="198.82.*",
ip=[00000000:00000000:00000000:c6520000], mask=[ffffffff:ffffffff:ffffffff:ffff0000]
d [25/May/2007:14:12:56 -0400] cupsdAllowIP(loc=0x8fa5130(/),
address=0:0:0:c6520000, netmask=ffffffff:ffffffff:ffffffff:ffff0000)
d [25/May/2007:14:12:56 -0400] get_addr_and_mask(value="128.173.*",
ip=[00000000:00000000:00000000:80ad0000], mask=[ffffffff:ffffffff:ffffffff:ffff0000]
d [25/May/2007:14:12:56 -0400] cupsdAllowIP(loc=0x8fa5130(/),
address=0:0:0:80ad0000, netmask=ffffffff:ffffffff:ffffffff:ffff0000)
d [25/May/2007:14:12:56 -0400] get_addr_and_mask(value="[2001:468:c80::]/48",
ip=[20010468:0c800000:00000000:00000041], mask=[ffffffff:ffff0000:00000000:00000000]
E [25/May/2007:14:12:56 -0400] Bad netmask value [2001:468:c80::]/48 on line 778.

Note that get_addr_and_mask actually *did* parse out the correct bits, but the
next line indicates a failure.

Expected results:
The exact same 'Allow From [2001:468:c80::]/48' is accepted without complaint by
a Fedora Core 7/Rawhide box running cups-1.2.10-6.fc7

Additional info:

Comment 1 Tim Waugh 2007-05-29 13:14:39 UTC
Created attachment 155590 [details]

get_addr_and_mask has '41' at the end of the IP address, which isn't right.  I
think this is the fix.

Comment 3 RHEL Product and Program Management 2007-05-29 13:23:46 UTC
This request was evaluated by Red Hat Product Management for inclusion in a Red
Hat Enterprise Linux maintenance release.  Product Management has requested
further review of this request by Red Hat Engineering, for potential
inclusion in a Red Hat Enterprise Linux Update release for currently deployed
products.  This request is not yet committed for inclusion in an Update

Comment 10 errata-xmlrpc 2007-10-31 13:49:03 UTC
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.


Note You need to log in before you can comment on or make changes to this bug.