Bug 401

Summary:

ipv4 mapped address (ipv4 in ipv6) and ipv6 support fix

Product:

Portable OpenSSH

Reporter:

YOSHIFUJI Hideaki <yoshfuji>

Component:

sshd

Assignee:

OpenSSH Bugzilla mailing list <openssh-bugs>

Status:

CLOSED FIXED

Severity:

normal

CC:

cjwatson

Priority:

Version:

-current

Hardware:

All

OS:

Linux

Attachments:

Description	Flags
set length of sockaddr{}. run sshd with glibc-2.2 on linux-2.2	none
patch to run openssh-3.5p1 on linux-2.2 & glibc-2.2(or later)	none
More simple patch	none

Description YOSHIFUJI Hideaki 2002-09-24 03:47:23 AEST

There are two problems related to ipv4 mapped address support.
In canohost.c,

 1) we forgot to set length of structure when converting a sockaddr_in6{}
    which contains ipv4-mapped address to a sockaddr_in{}.
 2) we failed to accept any connections on newer library with socpe-id
    (ex. glibc-2.2.x) on old kernel without scope-id (ex. linux-2.2.x).

patch will follow.

Comment 1 YOSHIFUJI Hideaki 2002-09-24 03:50:05 AEST

Created attachment 148 [details]
set length of sockaddr{}.  run sshd with glibc-2.2 on linux-2.2

Comment 2 YOSHIFUJI Hideaki 2002-09-24 11:36:54 AEST

To clarify:
 - one is ipv4 mapped issue
 - another is ipv6 sin6_scope_id issue.
 - with latter one, we do not able to accept ipv4 connection 
   via ipv6 socket using "ipv4-mapped address" feature
   on some platforms.

Comment 3 Damien Miller 2002-09-25 14:33:48 AEST

I am not sure I understand this patch completely - I can't see anything relating
to scope-id. is the scope-id incompatibility because of different sized
sockaddr_in6 structure lengths?

How does the problem manifest in unpatched OpenSSH?

Comment 4 YOSHIFUJI Hideaki 2002-09-25 15:04:26 AEST

>is the scope-id incompatibility because of different sized
>sockaddr_in6 structure lengths?

Yes, if you try to run sshd with ipv6 support with glibc-2.2 on linux-2.2,
sshd disconnects any connections.  This is because
 - kernel gives sshd sockaddr_in6 without sin6_scope_id (size is 24 bytes)
 - glibc-2.2 expects sockaddr_in6 is 28 bytes long and 
   getnameinfo() failed because length is different than one expected.


>How does the problem manifest in unpatched OpenSSH?
|# sshd -6 -d
|:
|debug1: Bind to port 22 on ::.
|Server listening on :: port 22.
|Generating 768 bit RSA key.
|RSA key generation complete.
|debug1: Server will not fork when running in debugging mode.

When I connect to this sshd, sshd disconnects immediately.

|% ssh -v 127.0.0.1 
:
|debug1: Connecting to 127.0.0.1 [127.0.0.1] port 22.
|debug1: Connection established.
:
|ssh_exchange_identification: Connection closed by remote host
|debug1: Calling cleanup 0x8064174(0x0)

sshd debug messages are:

|get_sock_port: getnameinfo NI_NUMERICSERV failed
|debug1: Calling cleanup 0x806be4c(0x0)

Comment 5 Damien Miller 2002-09-25 15:21:15 AEST

OK - I understand now. We generally try to "#ifdef (platform)" in portable
OpenSSH. Would you patch work if it were changed to do something like:

if (addr.ss_family == AF_INET6)
        fromlen = MIN(fromlen, sizeof(struct sockaddr_in6));

Comment 6 YOSHIFUJI Hideaki 2003-01-06 12:20:40 AEDT

Created attachment 194 [details]
patch to run openssh-3.5p1 on linux-2.2 & glibc-2.2(or later)

This is modified patch for openssh-3.5p1.
Patch is simplified.

Comment 7 Damien Miller 2003-01-07 10:21:28 AEDT

Created attachment 195 [details]
More simple patch

This patch should be OK for all platforms without evil #ifdefs

Comment 8 Damien Miller 2003-01-07 10:51:44 AEDT

Applied - this should be neutral to other platforms.

Comment 9 Damien Miller 2004-04-14 12:24:18 AEST

Mass change of RESOLVED bugs to CLOSED