Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Message-ID: <20220824190349.GB1923@voyager>
Date: Wed, 24 Aug 2022 21:03:49 +0200
From: Markus Wichmann <nullplan@....net>
To: musl@...ts.openwall.com
Subject: IPv4 fallback in __res_msend_rc not functional

Hi all,

I noticed something while reading some code: There is a fallback in
__res_msend_rc(), in case an IPv6 socket is requested but cannot be
allocated. In that case, the function tries to create an IPv4 socket
instead. However, I do not think this code can work that way. For
reference, this is the code:

	/* Get local address and open/bind a socket */
	sa.sin.sin_family = family;
	fd = socket(family, SOCK_DGRAM|SOCK_CLOEXEC|SOCK_NONBLOCK, 0);

	/* Handle case where system lacks IPv6 support */
	if (fd < 0 && family == AF_INET6 && errno == EAFNOSUPPORT) {
		fd = socket(AF_INET, SOCK_DGRAM|SOCK_CLOEXEC|SOCK_NONBLOCK, 0);
		family = AF_INET;
	}
	if (fd < 0 || bind(fd, (void *)&sa, sl) < 0) {
		if (fd >= 0) close(fd);
		pthread_setcancelstate(cs, 0);
		return -1;
	}

The problem is, if the fallback is triggered, the local address is still
set to be an IPv6 address, and so the bind() must necessarily fail with
EINVAL.

The fix depends on whether the fallback is still intended functionality
or not. If not, then the easiest would be to just get rid of the entire
fallback block. If the fallback is still intended to work, then the
fallback block must reset sl to the length of an IPv4 socket, and the
setting of sa.sin.sin_family must be delayed until after that block.

There is also the issue of the sendto() loop further down in the
function. If it is intended that the socket can be an IPv4 socket but
there can be IPv6 addresses in the list, then it might be prudent to
prevent sendto() from sending to the wrong address family. Or not, I
mean, you do not test for errors from sendto(), and the sends to the
wrong address family are just going to fail. So they would only waste
time and change errno, but not much of a visible side effect.

Ciao,
Markus

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.