Fix ipaddr fallback onto ipv6
Resolves: Bug#1168868
This commit is contained in:
parent
94d784ece8
commit
ba9071d76e
@ -0,0 +1,62 @@
|
||||
From 64ee0b30df59857bce8f0efea019d065cf48c54c Mon Sep 17 00:00:00 2001
|
||||
From: Nikolai Kondrashov <Nikolai.Kondrashov@redhat.com>
|
||||
Date: Thu, 18 Dec 2014 22:05:35 +0200
|
||||
Subject: [PATCH 2/2] Don't overwrite ip_hton af/prefix in fr_pton4/6
|
||||
|
||||
Don't overwrite address family and prefix set by ip_hton (which can fall
|
||||
back onto other address family) with AF_INET/32 and AF_INET6/128, in
|
||||
fr_pton4 and fr_pton6 respectively.
|
||||
|
||||
This fixes radiusd listening on wrong address data when falling back to
|
||||
another address family.
|
||||
---
|
||||
src/lib/misc.c | 12 ++++++------
|
||||
1 file changed, 6 insertions(+), 6 deletions(-)
|
||||
|
||||
diff --git a/src/lib/misc.c b/src/lib/misc.c
|
||||
index ad27057..cf49917 100644
|
||||
--- a/src/lib/misc.c
|
||||
+++ b/src/lib/misc.c
|
||||
@@ -238,6 +238,9 @@ int fr_pton4(fr_ipaddr_t *out, char const *value, size_t inlen, bool resolve, bo
|
||||
* 192.0.2.2 is parsed as if it was /32
|
||||
*/
|
||||
if (!p) {
|
||||
+ out->prefix = 32;
|
||||
+ out->af = AF_INET;
|
||||
+
|
||||
/*
|
||||
* Allow '*' as the wildcard address usually 0.0.0.0
|
||||
*/
|
||||
@@ -258,9 +261,6 @@ int fr_pton4(fr_ipaddr_t *out, char const *value, size_t inlen, bool resolve, bo
|
||||
}
|
||||
} else if (ip_hton(out, AF_INET, value, fallback) < 0) return -1;
|
||||
|
||||
- out->prefix = 32;
|
||||
- out->af = AF_INET;
|
||||
-
|
||||
return 0;
|
||||
}
|
||||
|
||||
@@ -338,6 +338,9 @@ int fr_pton6(fr_ipaddr_t *out, char const *value, size_t inlen, bool resolve, bo
|
||||
|
||||
p = strchr(value, '/');
|
||||
if (!p) {
|
||||
+ out->prefix = 128;
|
||||
+ out->af = AF_INET6;
|
||||
+
|
||||
/*
|
||||
* Allow '*' as the wildcard address
|
||||
*/
|
||||
@@ -350,9 +353,6 @@ int fr_pton6(fr_ipaddr_t *out, char const *value, size_t inlen, bool resolve, bo
|
||||
}
|
||||
} else if (ip_hton(out, AF_INET6, value, fallback) < 0) return -1;
|
||||
|
||||
- out->prefix = 128;
|
||||
- out->af = AF_INET6;
|
||||
-
|
||||
return 0;
|
||||
}
|
||||
|
||||
--
|
||||
2.1.3
|
||||
|
64
freeradius-Resolve-to-all-families-on-ip_hton-fallback.patch
Normal file
64
freeradius-Resolve-to-all-families-on-ip_hton-fallback.patch
Normal file
@ -0,0 +1,64 @@
|
||||
From a23dbf402ad466bf41c95da82e58dedc7b615f99 Mon Sep 17 00:00:00 2001
|
||||
From: Arran Cudbard-Bell <a.cudbardb@freeradius.org>
|
||||
Date: Mon, 1 Dec 2014 14:15:45 -0500
|
||||
Subject: [PATCH 1/2] Resolve to all families on ip_hton fallback
|
||||
|
||||
If we're doing fallback resolution we need to set the address family to
|
||||
AF_UNSPEC to get both IPv6 and IPv4 addresses
|
||||
|
||||
The af that was passed in, is then used to set the preference
|
||||
---
|
||||
src/lib/misc.c | 25 +++++++++++++------------
|
||||
1 file changed, 13 insertions(+), 12 deletions(-)
|
||||
|
||||
diff --git a/src/lib/misc.c b/src/lib/misc.c
|
||||
index d0ccd6c..ad27057 100644
|
||||
--- a/src/lib/misc.c
|
||||
+++ b/src/lib/misc.c
|
||||
@@ -845,7 +845,15 @@ int ip_hton(fr_ipaddr_t *out, int af, char const *hostname, bool fallback)
|
||||
int rcode;
|
||||
struct addrinfo hints, *ai = NULL, *alt = NULL, *res = NULL;
|
||||
|
||||
+ /*
|
||||
+ * Avoid malloc for IP addresses. This helps us debug
|
||||
+ * memory errors when using talloc.
|
||||
+ */
|
||||
+#ifdef TALLOC_DEBUG
|
||||
+ if (true) {
|
||||
+#else
|
||||
if (!fr_hostname_lookups) {
|
||||
+#endif
|
||||
#ifdef HAVE_STRUCT_SOCKADDR_IN6
|
||||
if (af == AF_UNSPEC) {
|
||||
char const *p;
|
||||
@@ -872,22 +880,15 @@ int ip_hton(fr_ipaddr_t *out, int af, char const *hostname, bool fallback)
|
||||
}
|
||||
|
||||
memset(&hints, 0, sizeof(hints));
|
||||
- hints.ai_family = af;
|
||||
|
||||
-#ifdef TALLOC_DEBUG
|
||||
/*
|
||||
- * Avoid malloc for IP addresses. This helps us debug
|
||||
- * memory errors when using talloc.
|
||||
+ * If we're falling back we need both IPv4 and IPv6 records
|
||||
*/
|
||||
- if (af == AF_INET) {
|
||||
- /*
|
||||
- * If it's all numeric, avoid getaddrinfo()
|
||||
- */
|
||||
- if (inet_pton(af, hostname, &out->ipaddr.ip4addr) == 1) {
|
||||
- return 0;
|
||||
- }
|
||||
+ if (fallback) {
|
||||
+ hints.ai_family = AF_UNSPEC;
|
||||
+ } else {
|
||||
+ hints.ai_family = af;
|
||||
}
|
||||
-#endif
|
||||
|
||||
if ((rcode = getaddrinfo(hostname, NULL, &hints, &res)) != 0) {
|
||||
fr_strerror_printf("ip_hton: %s", gai_strerror(rcode));
|
||||
--
|
||||
2.1.3
|
||||
|
@ -49,6 +49,8 @@ Patch25: freeradius-rad_counter-use-heredoc-for-help-message.patch
|
||||
Patch26: freeradius-rad_counter-Refine-help-message.patch
|
||||
Patch27: freeradius-dhcpclient-Add-a-short-description-to-help-output.patch
|
||||
Patch28: freeradius-raddb-Move-trigger.conf-INCLUDE-before-modules.patch
|
||||
Patch29: freeradius-Resolve-to-all-families-on-ip_hton-fallback.patch
|
||||
Patch30: freeradius-Don-t-overwrite-ip_hton-af-prefix-in-fr_pton4-6.patch
|
||||
|
||||
%global docdir %{?_pkgdocdir}%{!?_pkgdocdir:%{_docdir}/%{name}-%{version}}
|
||||
|
||||
@ -233,6 +235,8 @@ This plugin provides the unixODBC support for the FreeRADIUS server project.
|
||||
%patch26 -p1
|
||||
%patch27 -p1
|
||||
%patch28 -p1
|
||||
%patch29 -p1
|
||||
%patch30 -p1
|
||||
|
||||
%build
|
||||
# Force compile/link options, extra security for network facing daemon
|
||||
|
Loading…
Reference in New Issue
Block a user