Bug 22868

Summary:	getsockname may return an incorrect address
Product:	Base System	Reporter:	Jean-Luc.Richier <Jean-Luc.Richier>
Component:	kern	Assignee:	Hajimu UMEMOTO <ume>
Status:	Closed FIXED
Severity:	Affects Only Me
Priority:	Normal
Version:	4.1.1-RELEASE
Hardware:	Any
OS:	Any

Description Jean-Luc.Richier 2000-11-15 12:40:00 UTC

	With a udp/tcp INET6 socket which is bounded to the :: address and
	IPv4 compatible, getsockname return an address ::fff:0.0.0.0 (that
	is the any IPv4 address in AF_INET6 IPv4-mapped format) instead of ::

Fix: The problem is in in6_pcb.c, function in6_mapped_sockaddr.
	This function returns a IPv4-mapped address if the INP_IPV4 is set.
	It should use IPv4-mapped address only if V6 is not possible, that
	is, if INP_IPV6 is not set.
	I suggest the following patch. By symetry I made the same change in
	in6_mapped_peeraddr.
	




-- 
Jean-Luc RICHIER (Jean-Luc.Richier@Imag.Fr  richier@imag.fr)
Laboratoire Logiciels, Systemes et Reseaux (LSR-IMAG)
IMAG-CAMPUS, BP 72, F-38402 St Martin d'Heres Cedex
Tel : +33 4 76 82 72 32 Fax : +33 4 76 82 72 87--45LtZhXRW6s3tiCL9KERUI48NdbnQuFTZtG2ccCzuse6Ryf0
Content-Type: text/plain; name="file.diff"
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment; filename="file.diff"

*** netinet6/in6_pcb.c.DIST	Sat Jul 15 09:14:33 2000
--- netinet6/in6_pcb.c	Wed Nov 15 12:59:08 2000
***************
*** 721,727 ****
  
  	if (inp == NULL)
  		return EINVAL;
! 	if (inp->inp_vflag & INP_IPV4) {
  		error = in_setsockaddr(so, nam);
  		if (error == 0)
  			in6_sin_2_v4mapsin6_in_sock(nam);
--- 721,727 ----
  
  	if (inp == NULL)
  		return EINVAL;
! 	if ((inp->inp_vflag & INP_IPV6) == NULL) {
  		error = in_setsockaddr(so, nam);
  		if (error == 0)
  			in6_sin_2_v4mapsin6_in_sock(nam);
***************
*** 739,745 ****
  
  	if (inp == NULL)
  		return EINVAL;
! 	if (inp->inp_vflag & INP_IPV4) {
  		error = in_setpeeraddr(so, nam);
  		if (error == 0)
  			in6_sin_2_v4mapsin6_in_sock(nam);
--- 739,745 ----
  
  	if (inp == NULL)
  		return EINVAL;
! 	if ((inp->inp_vflag & INP_IPV6) == NULL) {
  		error = in_setpeeraddr(so, nam);
  		if (error == 0)
  			in6_sin_2_v4mapsin6_in_sock(nam);
How-To-Repeat: 
	- create an AF_INET6 udp socket	
	- call getsockname on it and print the returned address
cf the program:
------------------------
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
struct sockaddr_in6 sa;

main(argc,argv)
int argc;
char **argv;
{
	int fd, l;
	char buf[100];

	if ((fd = socket(AF_INET6, SOCK_DGRAM, 0)) < 0)
		err(1, "socket");
	sa.sin6_family = AF_INET6;
	l = sa.sin6_len = sizeof sa;
	if (bind(fd, (struct sockaddr *)&sa, l) < 0)
		err(1, "bind");
	if (getsockname(fd, (struct sockaddr *)&sa, &l) < 0)
		err(1, "getsockname");
	inet_ntop(AF_INET6, &sa.sin6_addr, buf, sizeof buf);
	printf("sock %d %d %d %s\n", l, sa.sin6_len, sa.sin6_family, buf);
}
-->
tuna# ./a.out
sock 28 28 28 ::ffff:0.0.0.0

Comment 1 Jean-Luc.Richier 2002-07-14 18:40:38 UTC

This bug is still there in FreeBSD4.6 RELEASE asn in FreeSB-current (Jun
24, 2002),
but has been corrected (with a slightly different patch) in KAME
(kame-20020708-freebsd46-snap.tgz)

--
Jean-Luc RICHIER (Jean-Luc.Richier@Imag.Fr  richier@imag.fr)
Laboratoire Logiciels, Systemes et Reseaux (LSR-IMAG)
IMAG-CAMPUS, BP 72, F-38402 St Martin d'Heres Cedex
Tel : +33 4 76 82 72 32 Fax : +33 4 76 82 72 87

Comment 2 dwmalone freebsd_committer

2004-01-08 10:10:55 UTC

Responsible Changed
From-To: freebsd-bugs->ume

UMEMOTO-san should be able to merge the fix from KAME.

Comment 3 Hajimu UMEMOTO freebsd_committer

2004-01-10 08:12:45 UTC

State Changed
From-To: open->closed

Thanks!  I've just merged the fix from KAME.