Bug 401 - ipv4 mapped address (ipv4 in ipv6) and ipv6 support fix
Summary: ipv4 mapped address (ipv4 in ipv6) and ipv6 support fix
Status: CLOSED FIXED
Alias: None
Product: Portable OpenSSH
Classification: Unclassified
Component: sshd (show other bugs)
Version: -current
Hardware: All Linux
: P2 normal
Assignee: OpenSSH Bugzilla mailing list
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2002-09-24 03:47 AEST by YOSHIFUJI Hideaki
Modified: 2004-04-14 12:24 AEST (History)
1 user (show)

See Also:

Attachments
set length of sockaddr{}. run sshd with glibc-2.2 on linux-2.2 (1.42 KB, patch)
2002-09-24 03:50 AEST, YOSHIFUJI Hideaki 		no flags Details | Diff
patch to run openssh-3.5p1 on linux-2.2 & glibc-2.2(or later) (1.19 KB, patch)
2003-01-06 12:20 AEDT, YOSHIFUJI Hideaki 		no flags Details | Diff
More simple patch (1.27 KB, patch)
2003-01-07 10:21 AEDT, Damien Miller 		no flags Details | Diff
Show Obsolete (2) View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description YOSHIFUJI Hideaki 2002-09-24 03:47:23 AEST 
There are two problems related to ipv4 mapped address support.
In canohost.c,

 1) we forgot to set length of structure when converting a sockaddr_in6{}
    which contains ipv4-mapped address to a sockaddr_in{}.
 2) we failed to accept any connections on newer library with socpe-id
    (ex. glibc-2.2.x) on old kernel without scope-id (ex. linux-2.2.x).

patch will follow.
Comment 1 YOSHIFUJI Hideaki 2002-09-24 03:50:05 AEST 
Created attachment 148 [details]
set length of sockaddr{}.  run sshd with glibc-2.2 on linux-2.2
Comment 2 YOSHIFUJI Hideaki 2002-09-24 11:36:54 AEST 
To clarify:
 - one is ipv4 mapped issue
 - another is ipv6 sin6_scope_id issue.
 - with latter one, we do not able to accept ipv4 connection 
   via ipv6 socket using "ipv4-mapped address" feature
   on some platforms.
Comment 3 Damien Miller 2002-09-25 14:33:48 AEST 
I am not sure I understand this patch completely - I can't see anything relating
to scope-id. is the scope-id incompatibility because of different sized
sockaddr_in6 structure lengths?

How does the problem manifest in unpatched OpenSSH?
Comment 4 YOSHIFUJI Hideaki 2002-09-25 15:04:26 AEST 
>is the scope-id incompatibility because of different sized
>sockaddr_in6 structure lengths?

Yes, if you try to run sshd with ipv6 support with glibc-2.2 on linux-2.2,
sshd disconnects any connections.  This is because
 - kernel gives sshd sockaddr_in6 without sin6_scope_id (size is 24 bytes)
 - glibc-2.2 expects sockaddr_in6 is 28 bytes long and 
   getnameinfo() failed because length is different than one expected.


>How does the problem manifest in unpatched OpenSSH?
|# sshd -6 -d
|:
|debug1: Bind to port 22 on ::.
|Server listening on :: port 22.
|Generating 768 bit RSA key.
|RSA key generation complete.
|debug1: Server will not fork when running in debugging mode.

When I connect to this sshd, sshd disconnects immediately.

|% ssh -v 127.0.0.1 
:
|debug1: Connecting to 127.0.0.1 [127.0.0.1] port 22.
|debug1: Connection established.
:
|ssh_exchange_identification: Connection closed by remote host
|debug1: Calling cleanup 0x8064174(0x0)

sshd debug messages are:

|get_sock_port: getnameinfo NI_NUMERICSERV failed
|debug1: Calling cleanup 0x806be4c(0x0)
Comment 5 Damien Miller 2002-09-25 15:21:15 AEST 
OK - I understand now. We generally try to "#ifdef (platform)" in portable
OpenSSH. Would you patch work if it were changed to do something like:

if (addr.ss_family == AF_INET6)
        fromlen = MIN(fromlen, sizeof(struct sockaddr_in6));
Comment 6 YOSHIFUJI Hideaki 2003-01-06 12:20:40 AEDT 
Created attachment 194 [details]
patch to run openssh-3.5p1 on linux-2.2 & glibc-2.2(or later)

This is modified patch for openssh-3.5p1.
Patch is simplified.
Comment 7 Damien Miller 2003-01-07 10:21:28 AEDT 
Created attachment 195 [details]
More simple patch

This patch should be OK for all platforms without evil #ifdefs
Comment 8 Damien Miller 2003-01-07 10:51:44 AEDT 
Applied - this should be neutral to other platforms.
Comment 9 Damien Miller 2004-04-14 12:24:18 AEST 
Mass change of RESOLVED bugs to CLOSED