I've been working on cleanup of remnants of Internet Class A/B/C in
FreeBSD, and came across a piece of code in sshconnect.c that I'd
like to change. The current code checks for loopback addresses by
picking apart the address as Class A (24 bit shift). FreeBSD has a
newer IN_LOOPBACK() macro that determines whether an address is in the
loopback range, and I'd like to use that. As not all systems provide
such a macro, I'd propose a default version that is essentially the
current FreeBSD version. Part of the reason for using the system macro
is that there is a proposed change to the reserved space for loopback
heading toward the IETF, reserving 127.0.0.0/16 rather than /8.
The following is a proposed change to sshconnect.c.
diff --git a/crypto/openssh/sshconnect.c b/crypto/openssh/sshconnect.c
index 8f7541942ac1..74636005eb7b 100644
--- a/crypto/openssh/sshconnect.c
+++ b/crypto/openssh/sshconnect.c
@@ -592,13 +592,20 @@ confirm(const char *prompt, const char *fingerprint)
}
}
+/*
+ * <netinet/in.h> may provide an IN_LOOPBACK() macro; use it if provided.
+ */
+#ifndef IN_LOOPBACK
+#define IN_LOOPBACK(i) (((i) & 0xff000000) == 0x7f000000)
+#endif
+
static int
sockaddr_is_local(struct sockaddr *hostaddr)
{
switch (hostaddr->sa_family) {
case AF_INET:
- return (ntohl(((struct sockaddr_in *)hostaddr)->
- sin_addr.s_addr) >> 24) == IN_LOOPBACKNET;
+ return (IN_LOOPBACK(ntohl(((struct sockaddr_in *)hostaddr)->
+ sin_addr.s_addr)));
case AF_INET6:
return IN6_IS_ADDR_LOOPBACK(
&(((struct sockaddr_in6 *)hostaddr)->sin6_addr));
Comments or suggestions?
Thanks,
Mike