openssh unix dev - Mar 2000 - patch for openssh-1.2.2p1

Hi,

openssh-1.2.2p1 seems to have 2 problems on ipv6 (and
ipv4 mapped addresses).

 1. "BREAKIN ATTEMPT" warnings from ipv4 node
 2. X forwarding

The following patche fixes them.
Thanks.

diff -ru openssh-1.2.2p1/canohost.c openssh-1.2.2p1-20000308/canohost.c
--- openssh-1.2.2p1/canohost.c	Fri Jan 14 13:45:48 2000
+++ openssh-1.2.2p1-20000308/canohost.c	Wed Mar  8 00:25:18 2000
@@ -42,6 +42,22 @@
 		debug("getpeername failed: %.100s", strerror(errno));
 		fatal_cleanup();
 	}
+
+#ifdef IPV4_IN_IPV6
+	if (((struct sockaddr *)&from)->sa_family == AF_INET6 &&
+	    IN6_IS_ADDR_V4MAPPED((&((struct sockaddr_in6
*)&from)->sin6_addr))){
+		struct in_addr addr;
+		u_int16_t port;
+		memcpy(&addr, ((char *)&((struct sockaddr_in6
*)&from)->sin6_addr)+12,
+		       sizeof(addr));
+		port = ((struct sockaddr_in6 *)&from)->sin6_port;
+		memset(&from, 0, sizeof(from));
+		((struct sockaddr_in *)&from)->sin_family = AF_INET;
+		memcpy(&((struct sockaddr_in *)&from)->sin_addr, &addr,
sizeof(addr));
+		((struct sockaddr_in *)&from)->sin_port = port;
+	}
+#endif
+
 	if (getnameinfo((struct sockaddr *)&from, fromlen, ntop, sizeof(ntop),
 	     NULL, 0, NI_NUMERICHOST) != 0)
 		fatal("get_remote_hostname: getnameinfo NI_NUMERICHOST failed");
diff -ru openssh-1.2.2p1/channels.c openssh-1.2.2p1-20000308/channels.c
--- openssh-1.2.2p1/channels.c	Fri Mar  3 20:35:33 2000
+++ openssh-1.2.2p1-20000308/channels.c	Wed Mar  8 00:25:18 2000
@@ -1215,8 +1215,12 @@
 				break;
 			}
 			socks[num_socks++] = sock;
+#ifndef DONT_TRY_OTHER_AF
 			if (num_socks == NUM_SOCKS)
 				break;
+#else
+			break;
+#endif
 		}
 		if (num_socks > 0)
 			break;
diff -ru openssh-1.2.2p1/config.h.in openssh-1.2.2p1-20000308/config.h.in
--- openssh-1.2.2p1/config.h.in	Tue Mar  7 20:05:59 2000
+++ openssh-1.2.2p1-20000308/config.h.in	Wed Mar  8 00:25:18 2000
@@ -131,6 +131,9 @@
 /* Use IPv4 for connection by default, IPv6 can still if explicity asked */
 #undef IPV4_DEFAULT
 
+/* Assume IPv4 mapped addresses IPv4 addresses */
+#undef IPV4_IN_IPV6
+
 /* getaddrinfo is broken (if present) */
 #undef BROKEN_GETADDRINFO
 
diff -ru openssh-1.2.2p1/configure.in openssh-1.2.2p1-20000308/configure.in
--- openssh-1.2.2p1/configure.in	Sun Mar  5 15:02:46 2000
+++ openssh-1.2.2p1-20000308/configure.in	Wed Mar  8 00:26:15 2000
@@ -56,6 +56,8 @@
 *-*-linux*)
 	no_dev_ptmx=1
 	need_pty_removed_on_close=1
+	CFLAGS="$CFLAGS -DDONT_TRY_OTHER_AF"
+	inet6_default_4in6=yes
 	;;
 *-*-netbsd*)
 	need_dash_r=1
@@ -778,6 +780,26 @@
 	[
 		if test "x$withval" != "xno" ; then	
 			AC_DEFINE(IPV4_DEFAULT)
+		fi
+	]
+)
+
+AC_MSG_CHECKING([whether we assume IPv6-mapped addresses IPv4 addresses])
+AC_ARG_WITH(ipv4-in-ipv6,
+	[  --with-ipv4-in-ipv6     assumes ipv4 mapped addresses ipv4 addresses],
+	[
+		if test "x$withval" != "xno" ; then
+			AC_MSG_RESULT(yes)
+			AC_DEFINE(IPV4_IN_IPV6)
+		else
+			AC_MSG_RESULT(no)
+		fi
+	],[
+		if test "x$inet6_default_4in6" = "xyes"; then
+			AC_MSG_RESULT([yes (default)])
+			AC_DEFINE(IPV4_IN_IPV6)
+		else
+			AC_MSG_RESULT([no (default)])
 		fi
 	]
 )

-- 
Hideaki YOSHIFUJI <yoshfuji at ecei.tohoku.ac.jp>
Web Page: http://www.ecei.tohoku.ac.jp/%7Eyoshfuji/
PGP5i FP: F731 6599 5EB2 BBA7 1515  1323 1806 A96F 5700 6B25

Anyone want to provide me with better detailed information as to what
sigsuspend() really does.  It seems to be linked to Ctrl-Z.  Since Ctrl-Z
at the password prompt does not re-enable shell echoing.  

thanks.

On Wed, 8 Mar 2000, Hideaki YOSHIFUJI wrote:
> Hi,
> 
> openssh-1.2.2p1 seems to have 2 problems on ipv6 (and
> ipv4 mapped addresses).
> 
>  1. "BREAKIN ATTEMPT" warnings from ipv4 node
>  2. X forwarding
How does this patch look to you?

Regards,
Damien Miller

--
| "Bombay is 250ms from New York in the new world order" - Alan Cox
| Damien Miller - http://www.mindrot.org/
| Email: djm at mindrot.org (home) -or- djm at ibs.com.au (work)


-------------- next part --------------
Index: acconfig.h
==================================================================RCS file:
/var/cvs/openssh/acconfig.h,v
retrieving revision 1.53
diff -u -r1.53 acconfig.h
--- acconfig.h	2000/03/09 11:31:13	1.53
+++ acconfig.h	2000/03/11 09:38:46
@@ -153,6 +153,12 @@
 /* getaddrinfo is broken (if present) */
 #undef BROKEN_GETADDRINFO
 
+/* Workaround more Linux IPv6 bugs */
+#undef DONT_TRY_OTHER_AF
+
+/* Detect IPv4 in IPv6 mapped addresses and treat as IPv4 */
+#undef IPV4_IN_IPV6
+
 @BOTTOM@
 
 /* ******************* Shouldn't need to edit below this line
************** */
Index: canohost.c
==================================================================RCS file:
/var/cvs/openssh/canohost.c,v
retrieving revision 1.7
diff -u -r1.7 canohost.c
--- canohost.c	2000/01/14 04:45:48	1.7
+++ canohost.c	2000/03/11 09:38:49
@@ -42,6 +42,30 @@
 		debug("getpeername failed: %.100s", strerror(errno));
 		fatal_cleanup();
 	}
+
+#ifdef IPV4_IN_IPV6
+	if (from.ss_family == AF_INET6) {
+		struct sockaddr_in6 *from6 = (struct sockaddr_in6 *)&from;
+
+		/* Detect IPv4 in IPv6 mapped address and convert it to */
+		/* plain (AF_INET) IPv4 address */
+		if (IN6_IS_ADDR_V4MAPPED(&from6->sin6_addr)) {
+			struct sockaddr_in *from4 = (struct sockaddr_in *)&from;
+			struct in_addr addr;
+			u_int16_t port;
+
+			memcpy(&addr, ((char *)&from6->sin6_addr) + 12, sizeof(addr));
+			port = from6->sin6_port;
+
+			memset(&from, 0, sizeof(from));
+			
+			from4->sin_family = AF_INET;
+			memcpy(&from4->sin_addr, &addr, sizeof(addr));
+			from4->sin_port = port;
+		}
+	}
+#endif
+
 	if (getnameinfo((struct sockaddr *)&from, fromlen, ntop, sizeof(ntop),
 	     NULL, 0, NI_NUMERICHOST) != 0)
 		fatal("get_remote_hostname: getnameinfo NI_NUMERICHOST failed");
Index: channels.c
==================================================================RCS file:
/var/cvs/openssh/channels.c,v
retrieving revision 1.17
diff -u -r1.17 channels.c
--- channels.c	2000/03/03 11:35:33	1.17
+++ channels.c	2000/03/11 09:39:12
@@ -1215,8 +1215,12 @@
 				break;
 			}
 			socks[num_socks++] = sock;
+#ifndef DONT_TRY_OTHER_AF
 			if (num_socks == NUM_SOCKS)
 				break;
+#else
+			break;
+#endif
 		}
 		if (num_socks > 0)
 			break;
Index: configure.in
==================================================================RCS file:
/var/cvs/openssh/configure.in,v
retrieving revision 1.93
diff -u -r1.93 configure.in
--- configure.in	2000/03/11 09:05:12	1.93
+++ configure.in	2000/03/11 09:39:22
@@ -55,6 +55,8 @@
 	;;
 *-*-linux*)
 	no_dev_ptmx=1
+	AC_DEFINE(DONT_TRY_OTHER_AF)
+	inet6_default_4in6=yes
 	;;
 *-*-netbsd*)
 	need_dash_r=1
@@ -784,6 +786,26 @@
 	[
 		if test "x$withval" != "xno" ; then	
 			AC_DEFINE(IPV4_DEFAULT)
+		fi
+	]
+)
+
+AC_MSG_CHECKING([to convert IPv4 in IPv6-mapped addresses])
+AC_ARG_WITH(4in6,
+	[  --with-4in6             Check for and convert IPv4 in IPv6 mapped
addresses],
+	[
+		if test "x$withval" != "xno" ; then
+			AC_MSG_RESULT(yes)
+			AC_DEFINE(IPV4_IN_IPV6)
+		else
+			AC_MSG_RESULT(no)
+		fi
+	],[
+		if test "x$inet6_default_4in6" = "xyes"; then
+			AC_MSG_RESULT([yes (default)])
+			AC_DEFINE(IPV4_IN_IPV6)
+		else
+			AC_MSG_RESULT([no (default)])
 		fi
 	]
 )