[Bug 1356] X11 forwarding broken.

bugzilla-daemon at bugzilla.mindrot.org bugzilla-daemon at bugzilla.mindrot.org
Fri Aug 21 17:31:24 EST 2009


https://bugzilla.mindrot.org/show_bug.cgi?id=1356


Mark Andrews <marka at isc.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|RESOLVED                    |REOPENED
         Resolution|WONTFIX                     |


--- Comment #3 from Mark Andrews <marka at isc.org> 2009-08-21 17:31:23 EST ---
> The logic for X11 binding has changed as a result of
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1483 -- OpenSSH
> >5.0 will still fail in this case (getaddrinfo() returning both IPv4
> and v6 addrs but bind not working for one of them), but it will fail
> /on purpose/. 

There is a difference between EADDRINUSE and EADDRNOTAVAIL.  One
indicates that the <address,port> tuple is in use.  The other
indicates that the interface does not exist.

> Given the problem that gave us CVE-2008-1483, I think OpenSSH refusing
> X11 forwarding is the only reasonable solution. IMO getaddrinfo()
> shouldn't return addresses that cannot be bound. A workaround for this
> is to explicitly set AddressFamily in sshd_config(5).

The case in CVE-2008-1483 is covered by moving to the next port on
EADDRINUSE.

The patch was to not fail for EADDRNOTAVAIL which is a completely
different condition.  All errors are not equal.

Note the old code was wrong to continue on ai->ai_next being non
NULL which was why I removed the examination of ai->ai_next when I
reported this problem.  I had already thought about other applications
listening on one of the interfaces and not the other which is why
I looked at the value of errno.

Mark

-- 
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.


More information about the openssh-bugs mailing list