BindAddress with Openssh

Markus Friedl markus at openbsd.org
Thu Mar 21 21:13:15 EST 2002


seems fake-getaddrinfo is broken.

     If the AI_PASSIVE bit is set in the ai_flags member of the hints
     structure, then the caller plans to use the returned socket address
     structure in a call to bind()

so AI_PASSIVE should be set for BindAddress.

On Thu, Mar 21, 2002 at 09:01:57PM +1100, David Moline wrote:
> Hi
> 
> In a nutshell, the BindAddress functionality doesn't seem to work (at
> least on Solaris 7 when using the fake-getaddrinfo module provided). I
> haven't been able to test on other OS versions or using an OS library
> provided getaddrinfo (such as OpenBSD), but unless the functionality
> of getaddrinfo is majorly different, I think this problem would be
> similar everywhere.
> 
> The code in question in sshconnect.c (lines 201 to 209) first checks
> if the options.bindaddr is NULL; if it is not, it sets the hints.ai_flag
> value to AI_PASSIVE. The effect of this seems to me to bind the outgoing
> connections to "anyaddr", not the address specified by options.bindaddr.
> If the AI_PASSIVE assignment at line 208 is removed, then the bind
> address for outgoing connections operates as expected.
> 
> I'm not sure of the security implications of changing or removing this
> line of code, but your thoughts would be appreciated.
> 
> Regards
> David Moline
> Bable Consulting
> Melbourne, Australia
> +61 (0) 418 599 933

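The behaviour discussed in this thread, as an added example that is not part of the original messages or of the OpenSSH source: POSIX specifies that AI_PASSIVE is ignored when the node name is non-null, so a conforming getaddrinfo() returns the requested address and a bind() on the result lands on it rather than on the wildcard. The helper names and the 127.0.0.1 sample address are assumptions made for the demonstration.

```c
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <netdb.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>

/* Hypothetical helper: BindAddress-style lookup (IPv4, port 0); node may be NULL. */
static int resolve_local(const char *node, int flags, struct sockaddr_in *out)
{
    struct addrinfo *res, hints = { .ai_family = AF_INET, .ai_socktype = SOCK_STREAM,
        .ai_flags = flags | (node ? AI_NUMERICHOST : 0) }; /* numeric: no DNS */
    if (getaddrinfo(node, "0", &hints, &res) != 0) return -1;
    memcpy(out, res->ai_addr, sizeof(*out));
    freeaddrinfo(res);
    return 0;
}

/* 1 if AI_PASSIVE plus an explicit node keeps that node; 0 if the wildcard comes back. */
int passive_keeps_node(const char *node)
{
    struct sockaddr_in sa;
    if (resolve_local(node, AI_PASSIVE, &sa) != 0) return -1;
    return sa.sin_addr.s_addr == inet_addr(node);
}

/* 1 if a socket bound with that lookup really sits on node, 0 if not, -1 on error. */
int bind_lands_on_node(const char *node)
{
    struct sockaddr_in want, got;
    socklen_t len = sizeof(got);
    int fd, ok = -1;
    if (resolve_local(node, AI_PASSIVE, &want) != 0) return -1;
    if ((fd = socket(AF_INET, SOCK_STREAM, 0)) < 0) return -1;
    if (bind(fd, (struct sockaddr *)&want, sizeof(want)) == 0 &&
        getsockname(fd, (struct sockaddr *)&got, &len) == 0)
        ok = got.sin_addr.s_addr == inet_addr(node);
    close(fd);
    return ok;
}

int main(void)
{
    const char *node = "127.0.0.1"; /* constructed sample bind address */
    int a = passive_keeps_node(node), b = bind_lands_on_node(node);
    printf("lookup keeps node: %d, bind lands on node: %d\n", a, b);
    return !(a == 1 && b == 1);
}
```

A result of 0 from passive_keeps_node() on a given platform reproduces the symptom David Moline describes, where the outgoing socket ends up bound to the wildcard address.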

