From marka@isc.org  Fri Aug 31 02:03:07 2007
Return-Path: <marka@isc.org>
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id F34D816A421
	for <FreeBSD-gnats-submit@freebsd.org>; Fri, 31 Aug 2007 02:03:06 +0000 (UTC)
	(envelope-from marka@isc.org)
Received: from drugs.dv.isc.org (drugs.dv.isc.org [IPv6:2001:470:1f00:820:214:22ff:fed9:fbdc])
	by mx1.freebsd.org (Postfix) with ESMTP id A331B13C46E
	for <FreeBSD-gnats-submit@freebsd.org>; Fri, 31 Aug 2007 02:03:06 +0000 (UTC)
	(envelope-from marka@isc.org)
Received: from drugs.dv.isc.org (localhost [127.0.0.1])
	by drugs.dv.isc.org (8.14.1/8.14.1) with ESMTP id l7V233AX002299
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO)
	for <FreeBSD-gnats-submit@freebsd.org>; Fri, 31 Aug 2007 12:03:04 +1000 (EST)
	(envelope-from marka@drugs.dv.isc.org)
Received: (from marka@localhost)
	by drugs.dv.isc.org (8.14.1/8.14.1/Submit) id l7U7lRNn002375;
	Thu, 30 Aug 2007 17:47:27 +1000 (EST)
	(envelope-from marka)
Message-Id: <200708300747.l7U7lRNn002375@drugs.dv.isc.org>
Date: Thu, 30 Aug 2007 17:47:27 +1000 (EST)
From: Mark Andrews <marka@isc.org>
Reply-To: Mark Andrews <marka@isc.org>
To: FreeBSD-gnats-submit@freebsd.org
Cc:
Subject: sshd's X11 forwarding broken on IPv6 only machine [patch].
X-Send-Pr-Version: 3.113
X-GNATS-Notify:

>Number:         115960
>Category:       bin
>Synopsis:       sshd's X11 forwarding broken on IPv6 only machine [patch].
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    des
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Fri Aug 31 02:10:01 GMT 2007
>Closed-Date:    
>Last-Modified:  Sat Sep 01 15:25:32 GMT 2007
>Originator:     Mark Andrews
>Release:        FreeBSD 6.2-STABLE i386
>Organization:
ISC
>Environment:
System: FreeBSD drugs.dv.isc.org 6.2-STABLE FreeBSD 6.2-STABLE #17: Fri Aug 3 08:01:36 EST 2007 marka@drugs.dv.isc.org:/usr/obj/usr/src/sys/DRUGS i386


>Description:

	OpenSSH X11 forwarding fails on a system without IPv4
	interfaces.
	
>How-To-Repeat:

	Disable the IPv4 interface setup, including lo0.

	e.g.
		ifconfig_lo0=up
		ifconfig_xxx0=NOAUTO

	You should end up with something like this.

% ifconfig
bge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        options=1b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING>
        inet6 fe80::214:22ff:fed9:fbdc%bge0 prefixlen 64 scopeid 0x1 
        inet6 2001:470:1f00:820:214:22ff:fed9:fbdc prefixlen 64 autoconf 
        ether 00:14:22:d9:fb:dc
        media: Ethernet autoselect (10baseT/UTP <half-duplex>)
        status: active
iwi0: flags=8802<BROADCAST,SIMPLEX,MULTICAST> mtu 1500
        ether 00:16:6f:46:b7:5d
        media: IEEE 802.11 Wireless Ethernet autoselect
        status: no carrier
        ssid "" channel 1
        authmode OPEN privacy OFF txpowmax 100 bmiss 10 protmode CTS
plip0: flags=108810<POINTOPOINT,SIMPLEX,MULTICAST,NEEDSGIANT> mtu 1500
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
        inet6 ::1 prefixlen 128 
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x4 
% 

	Attempt to ssh into the machine and forward X11.

>Fix:

	The existing code works if and only if the address family that
	fails is *not* the last address family in the list returned
	by getaddrinfo().

	The solution is to look at errno to decide if the bind(2) failure
	should cause sshd to move to the next port or not.

	Mark

Index: crypto/openssh/channels.c
===================================================================
RCS file: /home/ncvs/src/crypto/openssh/channels.c,v
retrieving revision 1.20.2.2
diff -u -r1.20.2.2 channels.c
--- crypto/openssh/channels.c	6 Oct 2006 14:07:12 -0000	1.20.2.2
+++ crypto/openssh/channels.c	30 Aug 2007 07:33:12 -0000
@@ -2892,10 +2892,11 @@
 #endif
 			channel_set_reuseaddr(sock);
 			if (bind(sock, ai->ai_addr, ai->ai_addrlen) < 0) {
+				int save_errno = errno;
 				debug2("bind port %d: %.100s", port, strerror(errno));
 				close(sock);
 
-				if (ai->ai_next)
+				if (save_errno == EADDRNOTAVAIL)
 					continue;
 
 				for (n = 0; n < num_socks; n++) {
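
Review bot: in the bind() failure branch, debug2() still reads errno even though save_errno was captured on the line above; pass strerror(save_errno) so the logged error is by construction the one tested in `if (save_errno == EADDRNOTAVAIL)`. Replacing `if (ai->ai_next)` with the errno test also changes two cases that deserve a comment beside the test. First, EADDRNOTAVAIL on the last addrinfo entry now reaches `continue` and ends the address loop, so the code after the loop (outside this hunk) has to cope with no socket having been bound for this port. Second, any other bind() error, on any entry, now falls through to the `for (n = 0; n < num_socks; n++)` loop even when further addresses remain. If the second behaviour is intended, so that a port already taken on one address family is not left bound on another, state that in the comment.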

>Release-Note:
>Audit-Trail:

From: "Craig Rodrigues" <rodrigc@crodrigues.org>
To: bug-followup@FreeBSD.org, marka@isc.org
Cc:  
Subject: Re: bin/115960: sshd's X11 forwarding broken on IPv6 only machine [patch].
Date: Fri, 31 Aug 2007 13:53:48 -0400

 Hi,
 
 This code is imported from the OpenSSH project.
 The problem exists in their sources too:
 http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/channels.c
 
 Can you submit your patch to them also?
 http://www.openssh.com/report.html
 
 -- 
 Craig Rodrigues
 rodrigc@crodrigues.org

From: Mark Andrews <Mark_Andrews@isc.org>
To: "Craig Rodrigues" <rodrigc@crodrigues.org>
Cc: bug-followup@FreeBSD.org
Subject: Re: bin/115960: sshd's X11 forwarding broken on IPv6 only machine [patch]. 
Date: Sat, 01 Sep 2007 20:44:10 +1000

 > Hi,
 > 
 > This code is imported from the OpenSSH project.
 > The problem exists in their sources too:
 > http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/channels.c
 > 
 > Can you submit your patch to them also?
 > http://www.openssh.com/report.html
 
 	Done.
 
 	https://bugzilla.mindrot.org/show_bug.cgi?id=1356
 > 
 > -- 
 > Craig Rodrigues
 > rodrigc@crodrigues.org
 -- 
 Mark Andrews, ISC
 1 Seymour St., Dundas Valley, NSW 2117, Australia
 PHONE: +61 2 9871 4742                 INTERNET: Mark_Andrews@isc.org
Responsible-Changed-From-To: freebsd-bugs->des 
Responsible-Changed-By: rodrigc 
Responsible-Changed-When: Sat Sep 1 15:25:16 UTC 2007 
Responsible-Changed-Why:  
Over to des. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=115960 
>Unformatted:
