[Bug 2636] Fix X11 forwarding, when ::1 is not configured

bugzilla-daemon at bugzilla.mindrot.org bugzilla-daemon at bugzilla.mindrot.org
Thu Nov 10 09:59:53 AEDT 2016


Darren Tucker <dtucker at zip.com.au> changed:

           What    |Removed                     |Added
                 CC|                            |dtucker at zip.com.au

--- Comment #3 from Darren Tucker <dtucker at zip.com.au> ---
(In reply to Tomas Kuthan from comment #0)
> When this particular error is returned by bind, it is safe to
> continue with the next address returned by getaddrinfo(), because in
> that case there is no risk of forwarded X11 connections being
> hijacked (CVE-2008-1483).

No, there is still a risk, eg if the IPv6 address loopback is added
after a connection is made.

getaddrinfo w/AI_PASSIVE should not return non-existent addresses. 
Quoting RFC3493:

   If the AI_PASSIVE flag is specified, the returned address
   shall be suitable for use in binding a socket for accepting incoming
   connections for the specified service (i.e., a call to bind()).

In this case the returned address is not suitable to bind because it'll
never work (unless you race bring up the interface).

You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.

More information about the openssh-bugs mailing list