OpenSSH 5.1: call for testing

Mon Jul 14 20:04:41 EST 2008

On Jul 14 11:59, Damien Miller wrote:
> On Tue, 8 Jul 2008, Corinna Vinschen wrote:
> > On Jul  9 00:18, Damien Miller wrote:
> > > I'm not sure of a good way to determine at runtime whether IPv6 is
> > > available on a platform. Perhaps these tests should be disabled in
> > > portable or made non-fatal.
> > 
> > Ack.  Unfortunately `ssh -6' falls silently back to IPv4 instead of
> > complaining on platforms not supporting IPv6.  Complaining would allow
> > to use this as a test.
> 
> It shouldn't!
> 
> [djm at fuyu ssh]$ ssh -6 anoncvs.mindrot.org
> ssh: Could not resolve hostname anoncvs.mindrot.org: no address associated with name
> [djm at fuyu ssh]$ echo $?
> 255
> 
> (verified on OpenBSD and Linux)

Your example is not what I had in mind.

In your scenario ssh is running on an OS which supports IPv6, but the
target you're trying to connect to has no IPv6 address.

I'm talking about running ssh on a system which doesn't support IPv6 at
all and which doesn't even know the newer system calls getaddrinfo,
getnameinfo, freeaddrinfo, like the older Cygwin releases.  The main
difference to your scenario is that ssh uses the getaddrinfo implementation
in openbsd-compat/fake-rfc2553.c.

And here's the problem.  getaddrinfo in fake-rfc2553.c does not check
for the requested address family.  Actually it should only allow
hints->ai_family == AF_UNSPEC or == AF_INET, and it should return with
EAI_FAMILY if hints->ai_family is anything else.  Since it doesn't, `ssh
-6 foo' will happily use AF_INET and just work.

Below you'll find a patch which fixes that problem in fake-rfc2553.c.
Tested on Cygwin 1.5.25.

Before:

  cygwin$ ssh -6 foo
  [...]
  foo$ echo $SSH_CONNECTION
  192.168.129.14 1217 192.168.129.6 22

With the patch:

  cygwin$ ssh foo
  [...]
  foo$ echo $SSH_CONNECTION
  192.168.129.14 1217 192.168.129.6 22
  
  cygwin$ ssh -4 foo
  [...]
  foo$ echo $SSH_CONNECTION
  192.168.129.14 1217 192.168.129.6 22

  cygwin$ ssh -6 foo
  ssh: Could not resolve hostname calimero: ai_family not supported


Corinna


Index: openbsd-compat/fake-rfc2553.h
===================================================================
RCS file: /cvs/openssh/openbsd-compat/fake-rfc2553.h,v
retrieving revision 1.15
diff -u -p -r1.15 fake-rfc2553.h

--- openbsd-compat/fake-rfc2553.h	10 Jun 2008 13:52:51 -0000	1.15
+++ openbsd-compat/fake-rfc2553.h	14 Jul 2008 10:00:38 -0000
@@ -129,6 +129,9 @@ struct sockaddr_in6 {
 #ifndef EAI_SYSTEM
 # define EAI_SYSTEM	(INT_MAX - 4)
 #endif
+#ifndef EAI_FAMILY
+# define EAI_FAMILY	(INT_MAX - 5)
+#endif
 
 #ifndef HAVE_STRUCT_ADDRINFO
 struct addrinfo {
Index: openbsd-compat/fake-rfc2553.c
===================================================================
RCS file: /cvs/openssh/openbsd-compat/fake-rfc2553.c,v
retrieving revision 1.9
diff -u -p -r1.9 fake-rfc2553.c
--- openbsd-compat/fake-rfc2553.c	17 Aug 2006 08:55:28 -0000	1.9
+++ openbsd-compat/fake-rfc2553.c	14 Jul 2008 10:00:38 -0000
@@ -51,6 +51,8 @@ int getnameinfo(const struct sockaddr *s
 	struct hostent *hp;
 	char tmpserv[16];
 
+	if (sa->sa_family != AF_UNSPEC && sa->sa_family != AF_INET)
+		return (EAI_FAMILY);
 	if (serv != NULL) {
 		snprintf(tmpserv, sizeof(tmpserv), "%d", ntohs(sin->sin_port));
 		if (strlcpy(serv, tmpserv, servlen) >= servlen)
@@ -95,6 +97,8 @@ gai_strerror(int err)
 		return ("memory allocation failure.");
 	case EAI_NONAME:
 		return ("nodename nor servname provided, or not known");
+	case EAI_FAMILY:
+		return ("ai_family not supported");
 	default:
 		return ("unknown/invalid error.");
 	}
@@ -159,6 +163,9 @@ getaddrinfo(const char *hostname, const 
 	u_long addr;
 
 	port = 0;
+	if (hints && hints->ai_family != AF_UNSPEC &&
+	    hints->ai_family != AF_INET)
+		return (EAI_FAMILY);
 	if (servname != NULL) {
 		char *cp;
 

-- 
Corinna Vinschen
Cygwin Project Co-Leader
Red Hat
