[Bug 2735] New: Wrong address family handling for tun devices
bugzilla-daemon at bugzilla.mindrot.org
bugzilla-daemon at bugzilla.mindrot.org
Mon Jul 3 08:27:42 AEST 2017
https://bugzilla.mindrot.org/show_bug.cgi?id=2735
Bug ID: 2735
Summary: Wrong address family handling for tun devices
Product: Portable OpenSSH
Version: 7.5p1
Hardware: Other
OS: Other
Status: NEW
Severity: normal
Priority: P5
Component: ssh
Assignee: unassigned-bugs at mindrot.org
Reporter: stepe at centaurus.uberspace.de
Created attachment 3005
--> https://bugzilla.mindrot.org/attachment.cgi?id=3005&action=edit
Patch to fix address family handling for sys_tun_infilter()
[Also affects sshd.
Affected OSes depend on SSH_TUN_COMPAT_AF and SSH_TUN_PREPEND_AF.]
Hello OpenSSH developers,
I noticed issues with the address family handling for tun devices in
the sys_tun_infilter() and sys_tun_outfilter() functions.
An example symptom is that when using tuns with IPv6 on Linux
(SSH_TUN_COMPAT_AF and SSH_TUN_PREPEND_AF defined), the client sends
tunneled packets with the (fallback) v4 family.
In sys_tun_infilter(), the AF is not always converted to network byte
order. Please see the first attached patch.
In sys_tun_outfilter(), the af pointer is assigned from the integer
return value of ntohl() and then later dereferenced. Please see the
second patch for a proposed fix.
I have/could not test this second patch as I do not have a platform
with SSH_TUN_COMPAT_AF, but not SSH_TUN_PREPEND_AF (at least not that I
know).
Have a nice day,
Peter
PS: Thank you for developing and maintaining OpenSSH and OpenBSD
--
You are receiving this mail because:
You are watching the assignee of the bug.
More information about the openssh-bugs
mailing list