Project

General

Profile

Bug #5836

sshd VerifyReverseMapping fails for IPv4 connections to machines with IPv6 addresses.

Added by Andy Fiddaman over 5 years ago. Updated over 3 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Category:
cmd - userland programs
Start date:
2015-04-14
Due date:
% Done:

80%

Estimated time:
Difficulty:
Medium
Tags:
Gerrit CR:

Description

The code in sshd which verifies the reverse mapping for a client IP address (VerifyReverseMapping yes in sshd_config) fails if the system has an IPv6 address. The client IP address is returned as an IPv4 mapped address which is subsequently converted to a plain IPv4 address. When the forward mapping is performed to check the IP address, the plain IPv4 address is passed along with what is now the wrong address family.

Dtrace shows:

Entering get_remote_hostname()
getpeername ss_family=26
getnameinfo(flags=2)
returning 0 (::ffff:192.168.1.1)
getnameinfo(flags=4)
returning 0 (test.citrus-it.net)
getaddrinfo(test.citrus-it.net, family=26)
returning 7 (EAI_NODATA)
get_remote_hostname() returning "192.168.1.1"

History

#1

Updated by Richard PALO about 5 years ago

I happened to notice quickly via opengrok that inetsvc.c and ftp.c define/use as well a function of this name.
Did you check to see if there are updates to bring there as well?

#2

Updated by Yuri Pankov over 3 years ago

  • Status changed from In Progress to Feedback
#3

Updated by Yuri Pankov over 3 years ago

  • Status changed from Feedback to Closed

sunssh is no more.

Also available in: Atom PDF