openssh unix dev - Sep 2004 - IPv6 + user@ipaddress

Using:
Solaris 8.0
OpenSSH OpenSSH_3.8p1


I believe I may have found a bug when dealing with restricting user at
ipv6address
in cases when adjacent colons do not expand to multiple fields.

For example:
If I have any of the following entries in sshd_config, it will let me in:

user at 1234:0234:0234:0000:0234:1234:1234:1234
user at 1234:234:234:0000:234:1234:1234:1234
user at 1234:234:234:0:234:1234:1234:1234

However, if I reduce the address as much as possible, to the below entry it will
reject my login attempt:

user at 1234:234:234::234:1234:1234:1234

This only appears to happen on addresses where seven of the eight octets have 
something besides zero in them.  In this case, the system logs will show refused
entry
if the adress is written with :: instead of :0:

Note: this does NOT happen if the colons expand to multiple fields.  For
example, any of the
following notations for the same address will let me into the box:

user at 1234:0234:0000:0000:0234:1234:1234:1234
user at 1234:0234:0:0:0234:1234:1234:1234
user at 1234:234:0:0:234:1234:1234:1234
user at 1234:234::234:1234:1234:1234

I checked the archives, bugzilla and release notes and did not see mention of
this.  If
it's a known issue, I apologize for the waste of time.

-Healy

Healy wrote:
> Using:
> Solaris 8.0
> OpenSSH OpenSSH_3.8p1
> 
> 
> I believe I may have found a bug when dealing with restricting user at
ipv6address
> in cases when adjacent colons do not expand to multiple fields.
> 
> For example:
> If I have any of the following entries in sshd_config, it will let me in:
> 
> user at 1234:0234:0234:0000:0234:1234:1234:1234
> user at 1234:234:234:0000:234:1234:1234:1234
> user at 1234:234:234:0:234:1234:1234:1234
> 
> However, if I reduce the address as much as possible, to the below entry it
will
> reject my login attempt:
We will need server debug logs if we are to help here, but I suspect a
bug in your systems getnameinfo(). Have you applied all your OS patches?

-d