backend/ipp.c: Fix infinite loop with Kerberos

If IP address was used with Kerberos, IPP backend retried connection
indefinitely. The fix is to abort when we find out hostname is an IP
address and we require Kerberos.

Fixes #838

diff --git a/CHANGES.md b/CHANGES.md
index 10cf171e1604df38206da071e5c3424ddd218a45..1349f90fc68526f242d3502fe8e928ac042620bc 100644 (file)
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -40,6 +40,7 @@ Changes in CUPS v2.5b1 (TBA)
 - Fixed memory leak when creating color profiles (Issue #814)
 - Fixed crash in `scan_ps()` if incoming argument is NULL (Issue #831)
 - Fixed setting job state reasons for successful jobs (Issue #832)
+- Fixed infinite loop in IPP backend if hostname is IP address with Kerberos (Issue #838)
 - Fixed crash in `ppdEmitString()` if there is no record for page size `Custom`
   (Issue #849)
 - Fixed reporting `media-source-supported` when sharing printer which has numbers as strings

diff --git a/backend/ipp.c b/backend/ipp.c
index 434f71016bcc69ea87e7f2afda9fba907ba31217..3e609bd5b03f839f8bc9a81ed5bd80f9b19889b5 100644 (file)
--- a/backend/ipp.c
+++ b/backend/ipp.c
@@ -409,6 +409,19 @@ main(int  argc,                            /* I - Number of command-line args */
   else
     cupsSetEncryption(HTTP_ENCRYPTION_IF_REQUESTED);
 
+  if (!strcmp(auth_info_required, "negotiate") &&
+      (isdigit(hostname[0] & 255) || hostname[0] == '['))
+  {
+   /*
+    * IP addresses are not allowed with Kerberos...
+    */
+
+    _cupsLangPrintFilter(stderr, "ERROR",
+                        _("IP address is not allowed as hostname when using Negotiate - use FQDN."));
+    update_reasons(NULL, "-connecting-to-device");
+    return (CUPS_BACKEND_FAILED);
+  }
+
  /*
   * See if there are any options...
   */