[Bug 2804] channels.c:3258: suspicious code ?

bugzilla-daemon at bugzilla.mindrot.org bugzilla-daemon at bugzilla.mindrot.org
Tue Dec 5 12:19:10 AEDT 2017


Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
                 CC|                            |djm at mindrot.org
         Resolution|---                         |WORKSFORME
             Status|NEW                         |RESOLVED

--- Comment #1 from Damien Miller <djm at mindrot.org> ---
AFAIK this is actually correct and support the case of "localhost"
requesting both IPv4 and IPv6 loopback addresses as well as

First, this code is only reachable for GatewayPorts=clientspecified or
we're on the client side (where the client gets to specify the listen
address always). Here we want to allow arbitrary listen addresses, but
"localhost" needs special-casing because it should yield listeners that
respond to both IPv4 and IPv6 connections.


1) if listen_addr=="::1" or "" we accept it as addr

2) If listen_addr=="localhost" we leave addr=NULL and *wildcardp is set
to 0.

3) If listen_addr is anything else, then we accept it as addr.

Later, addr/wildcard is used like this:

3294    /* Determine the bind address, cf. channel_fwd_bind_addr()
comment */
3295    addr = channel_fwd_bind_addr(fwd->listen_host, &wildcard,
3296        is_client, fwd_opts);
3297    debug3("%s: type %d wildcard %d addr %s", __func__,
3298        type, wildcard, (addr == NULL) ? "NULL" : addr);
3300    /*
3301     * getaddrinfo returns a loopback address if the hostname is
3302     * set to NULL and hints.ai_flags is not AI_PASSIVE
3303     */
3304    memset(&hints, 0, sizeof(hints));
3305    hints.ai_family = ssh->chanctxt->IPv4or6;
3306    hints.ai_flags = wildcard ? AI_PASSIVE : 0;
3307    hints.ai_socktype = SOCK_STREAM;
3308    snprintf(strport, sizeof strport, "%d", fwd->listen_port);
3309    if ((r = getaddrinfo(addr, strport, &hints, &aitop)) != 0) {

so listen_addr == localhost yields getaddrinfo(NULL,...) that give us
sockets for both IPv4 and IPv6

(yes, this is confusing)

You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.

More information about the openssh-bugs mailing list