openssh unix dev - Apr 2002 - problem with X11 forwarding and use_localhost on Linux (solution)

On Linux (and others that define DONT_TRY_OTHER_AF)
x11_create_display_inet() will only use the first entry returned by
getaddrinfo(). When binding sockets to "ANY" this is fine on Linux
since a PF_INET6 socket bound to ANY will also include IPv4. However
when x11_use_localhost (X11UseLocalhost) is set, this is a problem.
getaddrinfo() will then return an AF_INET6 entry with IPv6 address
::1 and also AF_INET entry with IPv4 address 127.0.0.1. Currently
one binds only to the first (unless that bind fails), but should
bind to both. Even on Linux, a bind to ::1 does not include
127.0.0.1.

I think this can be fixed with the following patch:

--- channels-orig.c     Tue Mar 26 04:26:25 2002
+++ channels.c  Tue Apr 23 15:09:28 2002
@@ -2392,7 +2392,8 @@
                        if (num_socks == NUM_SOCKS)
                                break;
 #else
-                       break;
+                       if (!x11_use_localhost || num_socks == NUM_SOCKS)
+                               break;
 #endif
                }
                freeaddrinfo(aitop);

Stig

On Tue, 23 Apr 2002, Stig Venaas wrote:
:On Linux (and others that define DONT_TRY_OTHER_AF)
:x11_create_display_inet() will only use the first entry returned by
:getaddrinfo(). When binding sockets to "ANY" this is fine on Linux
:since a PF_INET6 socket bound to ANY will also include IPv4. However
:when x11_use_localhost (X11UseLocalhost) is set, this is a problem.
:getaddrinfo() will then return an AF_INET6 entry with IPv6 address
:::1 and also AF_INET entry with IPv4 address 127.0.0.1. Currently
:one binds only to the first (unless that bind fails), but should
:bind to both. Even on Linux, a bind to ::1 does not include
:127.0.0.1.
:
:I think this can be fixed with the following patch:
:
:--- channels-orig.c     Tue Mar 26 04:26:25 2002
:+++ channels.c  Tue Apr 23 15:09:28 2002
:@@ -2392,7 +2392,8 @@
:                        if (num_socks == NUM_SOCKS)
:                                break;
: #else
:-                       break;
:+                       if (!x11_use_localhost || num_socks == NUM_SOCKS)
:+                               break;
: #endif
:                }
:                freeaddrinfo(aitop);

this is what is in:
http://bugzilla.mindrot.org/show_bug.cgi?id=164

i still don't understand exactly why DONT_TRY_OTHER_AF is needed?