[Bug 2636] New: Fix X11 forwarding, when ::1 is not configured

[bugzilla-daemon at bugzilla.mindrot.org]

https://bugzilla.mindrot.org/show_bug.cgi?id=2636

            Bug ID: 2636
           Summary: Fix X11 forwarding, when ::1 is not configured
           Product: Portable OpenSSH
           Version: 7.3p1
          Hardware: Sparc
                OS: Solaris
            Status: NEW
          Severity: minor
          Priority: P5
         Component: sshd
          Assignee: unassigned-bugs at mindrot.org
          Reporter: tomas.kuthan at oracle.com

When IPv6 loopback is disabled on a host, X11 forwarding fails.

        tomas at tkuthan-cz:~$ ipadm show-addr lo0
        ADDROBJ           TYPE     STATE        ADDR
        lo0/v4            static   ok           127.0.0.1/8
        tomas at tkuthan-cz:~$ ssh -XY localhost xterm
        X11 forwarding request failed on channel 0
        xterm: Xt error: Can't open display: 
        xterm: DISPLAY is not set
        tomas at tkuthan-cz:~$

Syslog shows the following error:

Nov  9 15:36:39 tkuthan-cz sshd[5046]: [ID 800047 auth.error] error:
Failed to allocate internet-domain X11 display socket

This is caused by bind() failing with EADDRNOTAVAIL on ::1 in
x11_create_display_inet.

When this particular error is returned by bind, it is safe to continue
with the next address returned by getaddrinfo(), because in that case
there is no risk of forwarded X11 connections being hijacked
(CVE-2008-1483).

Binding to 127.0.0.1 succeeds and makes X11 forwarding work again.

-- 
You are receiving this mail because:
You are watching the assignee of the bug.