[syslinux] Bug#793921: tftpd-hpa: IPv6 address cannonization breaks IPv4
H. Peter Anvin
hpa at zytor.com
Fri Aug 7 11:52:49 PDT 2015
On 07/29/2015 01:45 AM, Ron via Syslinux wrote:
>
> Take 2 at bouncing this to the rest of the original recipients through a
> different MTA, since mail.zytor.com refused to accept it the first time.
>
> Please re-add Jason Gunthorpe <jgg at obsidianresearch.com> and
> 793921 at bugs.debian.org to the CC for replies.
>
>
> On Wed, Jul 29, 2015 at 05:34:00PM +0930, Ron wrote:
>>
>> Hi Jason,
>>
>> On Tue, Jul 28, 2015 at 03:45:30PM -0600, Jason Gunthorpe wrote:
>>> Package: tftpd-hpa
>>> Version: 5.2+20140608-3
>>> Severity: important
>>>
>>> This commit:
>>>
>>> tftp: convert IPv6-mapped IPv4 addresses to IPv4
>>>
>>> If we receive IPv4 addresses mapped to IPv6, convert them back to IPv4
>>> so that mapping scripts which use \i behave sanely.
>>>
>>> Signed-off-by: H. Peter Anvin <hpa at zytor.com>
>>>
>>> Totally breaks IPv4 support when tftpd is used with an IPv6 listening socket
>>> (eg when invoked from systemd)
>>>
>>> The issue is that the tftpd caller assumes that 'from' and 'myaddr' have the
>>> same AF, however the above patch only cannonizes 'myaddr'. Ultimately this
>>> results in the daemon attempting to use a socket with two address families and
>>> fails:
>>>
>>> recvmsg(0, {msg_name(28)={sa_family=AF_INET6, sin6_port=htons(34500), inet_pton(AF_INET6, "::ffff:10.0.0.192", &sin6_addr), sin6_flowinfo=0, sin6_scope_id=0}, msg_iov(1)=[{"\0\1pxelinux.0\0netascii\0", 65468}], msg_controllen=40, {cmsg_len=36, cmsg_level=SOL_IPV6, cmsg_type=, ...}, msg_flags=0}, 0) = 22
>>> [..]
>>> [pid 3757] socket(PF_INET, SOCK_DGRAM, IPPROTO_IP) = 0
>>> [..]
>>> [pid 3757] bind(0, {sa_family=AF_INET, sin_port=htons(0), sin_addr=inet_addr("10.0.0.2")}, 16) = 0
>>> [pid 3757] connect(0, {sa_family=AF_INET6, sin6_port=htons(34500), inet_pton(AF_INET6, "::ffff:10.0.0.192", &sin6_addr), sin6_flowinfo=0, sin6_scope_id=0}, 28) = -1 EAFNOSUPPORT (Address family not supported by protocol)
>>> [pid 3757] sendto(3, "<27>Jul 28 15:32:20 tftpd[3757]: connect: Address family not supported by protocol", 82, MSG_NOSIGNAL, NULL, 0) = 82
>>>
>>> This makes the daemon utterly unusable.
>>>
>>> Suggest this tested patch:
>>>
>>> --- ../x/tftp-hpa-5.2+20140608/tftpd/recvfrom.c 2014-07-29 20:31:34.000000000 -0600
>>> +++ tftpd/recvfrom.c 2015-07-28 15:42:12.533074001 -0600
>>> @@ -24,6 +24,8 @@
>>> #include <machine/param.h> /* Needed on some versions of FreeBSD */
>>> #endif
>>>
>>> +#include <assert.h>
>>> +
>>> #if defined(HAVE_RECVMSG) && defined(HAVE_MSGHDR_MSG_CONTROL)
>>>
>>> #include <sys/uio.h>
>>> @@ -253,6 +255,8 @@
>>> }
>>> #endif
>>> normalize_ip6_compat(myaddr);
>>> + normalize_ip6_compat((union sock_addr *)from);
>>> + assert(from->sa_family == myaddr->sa.sa_family);
>>> }
>>> #endif
>>> }
>>
I have applied the solution of canonicalizing all the addresses into git
for now. I would appreciate if someone could try to test it.
I ended up going for canonicalize everywhere because I found other
places in the code which probably would fail to operate correctly on
IPv6-mapped IPv4 addresses.
-hpa
More information about the Syslinux
mailing list