bugzilla-daemon at bugzilla.mindrot.org
2007-Sep-01 04:05 UTC
[Bug 1356] New: X11 forwarding broken.
http://bugzilla.mindrot.org/show_bug.cgi?id=1356
Summary: X11 forwarding broken.
Product: Portable OpenSSH
Version: 4.5p1
Platform: Other
OS/Version: FreeBSD
Status: NEW
Severity: normal
Priority: P2
Component: sshd
AssignedTo: bitbucket at mindrot.org
ReportedBy: marka at isc.org
Created an attachment (id=1343)
--> (http://bugzilla.mindrot.org/attachment.cgi?id=1343)
X11 bind(2) error handling.
I was testing FreeBSD 6-STABLE with no IPv4 interfaces configured.
I was unable to forward X11 in this configuration.
The reason it failed was that IPv4 was the last address family
returned by getaddrinfo(). The attached patch changes the error
behaviour on bind(2) failures to be dependent on errno and not
the position in the list returned by getaddrinfo().
Also logged w/ FreeBSD as bin/115960.
Mark
--
Configure bugmail: http://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2007-Sep-01 04:09 UTC
[Bug 1356] X11 forwarding broken.
http://bugzilla.mindrot.org/show_bug.cgi?id=1356
Mark Andrews <marka at isc.org> changed:
What                        |Removed  |Added
----------------------------------------------------------------------------
Attachment #1343 is obsolete|0        |1
--- Comment #1 from Mark Andrews <marka at isc.org> 2007-09-01 14:09:37 ---
Created an attachment (id=1344)
--> (http://bugzilla.mindrot.org/attachment.cgi?id=1344)
X11 bind(2) error handling
bugzilla-daemon at bugzilla.mindrot.org
2009-Aug-18 00:26 UTC
[Bug 1356] X11 forwarding broken.
https://bugzilla.mindrot.org/show_bug.cgi?id=1356
Damien Miller <djm at mindrot.org> changed:
What      |Removed  |Added
----------------------------------------------------------------------------
CC        |         |djm at mindrot.org
Status    |NEW      |RESOLVED
Resolution|         |WONTFIX
--- Comment #2 from Damien Miller <djm at mindrot.org> 2009-08-18 10:26:34 EST ---
The logic for X11 binding has changed as a result of
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1483 --
OpenSSH>5.0 will still fail in this case (getaddrinfo() returning both IPv4
and v6 addrs but bind not working for one of them), but it will fail
/on purpose/.
Given the problem that gave us CVE-2008-1483, I think OpenSSH refusing
X11 forwarding is the only reasonable solution. IMO getaddrinfo()
shouldn't return addresses that cannot be bound. A workaround for this
is to explicitly set AddressFamily in sshd_config(5).
bugzilla-daemon at bugzilla.mindrot.org
2009-Aug-21 07:31 UTC
[Bug 1356] X11 forwarding broken.
https://bugzilla.mindrot.org/show_bug.cgi?id=1356
Mark Andrews <marka at isc.org> changed:
What      |Removed  |Added
----------------------------------------------------------------------------
Status    |RESOLVED |REOPENED
Resolution|WONTFIX  |
--- Comment #3 from Mark Andrews <marka at isc.org> 2009-08-21 17:31:23 EST ---
> The logic for X11 binding has changed as a result of
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1483 -- OpenSSH
> >5.0 will still fail in this case (getaddrinfo() returning both IPv4
> and v6 addrs but bind not working for one of them), but it will fail
> /on purpose/.
There is a difference between EADDRINUSE and EADDRNOTAVAIL. One
indicates that the <address,port> tuple is in use. The other
indicates that the interface does not exist.
> Given the problem that gave us CVE-2008-1483, I think OpenSSH refusing
> X11 forwarding is the only reasonable solution. IMO getaddrinfo()
> shouldn't return addresses that cannot be bound. A workaround for this
> is to explicitly set AddressFamily in sshd_config(5).
The case in CVE-2008-1483 is covered by moving to the next port on
EADDRINUSE.
The patch was to not fail for EADDRNOTAVAIL which is a completely
different condition. All errors are not equal.
Note the old code was wrong to continue on ai->ai_next being non
NULL which was why I removed the examination of ai->ai_next when I
reported this problem. I had already thought about other applications
listening on one of the interfaces and not the other which is why
I looked at the value of errno.
Mark
bugzilla-daemon at bugzilla.mindrot.org
2009-Aug-21 15:37 UTC
[Bug 1356] X11 forwarding broken.
https://bugzilla.mindrot.org/show_bug.cgi?id=1356
--- Comment #4 from Damien Miller <djm at mindrot.org> 2009-08-22 01:37:14 EST ---
Well, the case I had in mind was a machine that has an IPv6 address but
not yet an IPv4 address (e.g. via rtsol and dhcp racing). sshd could end
up binding the IPv6 socket but not an IPv4 one that could subsequently
become valid.
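The two bind(2) policies argued over in comments #3 and #4, written out as an added C example that is neither the attached patch nor OpenSSH's own code: x11_bind_display() walks the getaddrinfo() list for each candidate display port and either abandons the display on any bind failure (strict, the behaviour Damien defends because an address that cannot be bound now may become valid later) or, non-strict, skips only EADDRNOTAVAIL as Mark proposes while still moving to the next port on EADDRINUSE. fake_bind, fake_missing_family and fake_busy_port are constructed stand-ins for bind(2) so both policies can be exercised without touching real ports; the function name and parameters are assumptions of this example.

```c
#include <errno.h>
#include <netdb.h>
#include <stdio.h>
#include <unistd.h>
#include <arpa/inet.h>
#include <netinet/in.h>
#include <sys/socket.h>
typedef int (*bind_fn)(int, const struct sockaddr *, socklen_t);

/* Bind loopback listeners for the first usable X11 display in [first, first+n).
 * strict=1: any bind(2) failure abandons the display (comment #4's policy).
 * strict=0 (comment #3's proposal): EADDRNOTAVAIL only skips that one address;
 * EADDRINUSE or any other errno moves on to the next display.
 * Returns the display bound, with its fds in socks[0..*nsocks), or -1 if none. */
int x11_bind_display(int first, int n, int strict, bind_fn do_bind,
                     int *socks, int max_socks, int *nsocks)
{
    struct addrinfo hints = { .ai_family = AF_UNSPEC, .ai_socktype = SOCK_STREAM }, *ai, *p;
    char port[8];
    for (int d = first; d < first + n; d++) {
        int give_up = *nsocks = 0;
        snprintf(port, sizeof port, "%d", 6000 + d);       /* X11 display d listens on 6000+d */
        if (getaddrinfo(NULL, port, &hints, &ai) != 0)   /* NULL host: the loopback addresses */
            return -1;
        for (p = ai; p != NULL && !give_up; p = p->ai_next) {
            int s = socket(p->ai_family, p->ai_socktype, p->ai_protocol);
            if (s < 0) continue;                          /* family unsupported on this host */
            if (do_bind(s, p->ai_addr, p->ai_addrlen) == 0) {
                if (*nsocks < max_socks) socks[(*nsocks)++] = s; else close(s);
            } else {
                if (strict || errno != EADDRNOTAVAIL) give_up = 1;   /* e.g. EADDRINUSE */
                close(s);
            }
        }
        freeaddrinfo(ai);
        if (!give_up && *nsocks > 0) return d;
        while (*nsocks > 0) close(socks[--*nsocks]);      /* undo partial binds, try next port */
    }
    return -1;
}

/* Constructed fake bind(2): one address family has no interface, one port is taken. */
int fake_missing_family = AF_INET, fake_busy_port = -1;   /* reporter's case: no IPv4 configured */
int fake_bind(int s, const struct sockaddr *sa, socklen_t len)
{
    int port = ntohs(sa->sa_family == AF_INET6 ? ((const struct sockaddr_in6 *)sa)->sin6_port : ((const struct sockaddr_in *)sa)->sin_port);
    if (sa->sa_family == fake_missing_family) { errno = EADDRNOTAVAIL; return -1; }
    if (port == fake_busy_port) { errno = EADDRINUSE; return -1; }
    return 0;
}
```

Passing the real bind() as do_bind turns the same loop into an actual listener setup; the fake is only there to show that the strict policy refuses every display on an IPv6-only host while both policies step past a port that is genuinely in use.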