Fix ipaddr fallback onto ipv6

Resolves: Bug#1168868
2014-12-19 13:22:07 +02:00 · 2014-12-19 13:22:07 +02:00 · ba9071d76e
commit ba9071d76e
parent 94d784ece8
3 changed files with 130 additions and 0 deletions
--- a/freeradius-Don-t-overwrite-ip_hton-af-prefix-in-fr_pton4-6.patch
+++ b/freeradius-Don-t-overwrite-ip_hton-af-prefix-in-fr_pton4-6.patch
@ -0,0 +1,62 @@
+From 64ee0b30df59857bce8f0efea019d065cf48c54c Mon Sep 17 00:00:00 2001
+From: Nikolai Kondrashov <Nikolai.Kondrashov@redhat.com>
+Date: Thu, 18 Dec 2014 22:05:35 +0200
+Subject: [PATCH 2/2] Don't overwrite ip_hton af/prefix in fr_pton4/6
+
+Don't overwrite address family and prefix set by ip_hton (which can fall
+back onto other address family) with AF_INET/32 and AF_INET6/128, in
+fr_pton4 and fr_pton6 respectively.
+
+This fixes radiusd listening on wrong address data when falling back to
+another address family.
+---
+ src/lib/misc.c | 12 ++++++------
+ 1 file changed, 6 insertions(+), 6 deletions(-)
+
+diff --git a/src/lib/misc.c b/src/lib/misc.c
+index ad27057..cf49917 100644
+--- a/src/lib/misc.c
+++ b/src/lib/misc.c
+@@ -238,6 +238,9 @@ int fr_pton4(fr_ipaddr_t *out, char const *value, size_t inlen, bool resolve, bo
+ 	 *	192.0.2.2 is parsed as if it was /32
+ 	 */
+ 	if (!p) {
+		out->prefix = 32;
+		out->af = AF_INET;
+
+ 		/*
+ 		 *	Allow '*' as the wildcard address usually 0.0.0.0
+ 		 */
+@@ -258,9 +261,6 @@ int fr_pton4(fr_ipaddr_t *out, char const *value, size_t inlen, bool resolve, bo
+ 			}
+ 		} else if (ip_hton(out, AF_INET, value, fallback) < 0) return -1;
+ 
+-		out->prefix = 32;
+-		out->af = AF_INET;
+-
+ 		return 0;
+ 	}
+ 
+@@ -338,6 +338,9 @@ int fr_pton6(fr_ipaddr_t *out, char const *value, size_t inlen, bool resolve, bo
+ 
+ 	p = strchr(value, '/');
+ 	if (!p) {
+		out->prefix = 128;
+		out->af = AF_INET6;
+
+ 		/*
+ 		 *	Allow '*' as the wildcard address
+ 		 */
+@@ -350,9 +353,6 @@ int fr_pton6(fr_ipaddr_t *out, char const *value, size_t inlen, bool resolve, bo
+ 			}
+ 		} else if (ip_hton(out, AF_INET6, value, fallback) < 0) return -1;
+ 
+-		out->prefix = 128;
+-		out->af = AF_INET6;
+-
+ 		return 0;
+ 	}
+ 
+-- 
+2.1.3
+
--- a/freeradius-Resolve-to-all-families-on-ip_hton-fallback.patch
+++ b/freeradius-Resolve-to-all-families-on-ip_hton-fallback.patch
@ -0,0 +1,64 @@
+From a23dbf402ad466bf41c95da82e58dedc7b615f99 Mon Sep 17 00:00:00 2001
+From: Arran Cudbard-Bell <a.cudbardb@freeradius.org>
+Date: Mon, 1 Dec 2014 14:15:45 -0500
+Subject: [PATCH 1/2] Resolve to all families on ip_hton fallback
+
+If we're doing fallback resolution we need to set the address family to
+AF_UNSPEC to get both IPv6 and IPv4 addresses
+
+The af that was passed in, is then used to set the preference
+---
+ src/lib/misc.c | 25 +++++++++++++------------
+ 1 file changed, 13 insertions(+), 12 deletions(-)
+
+diff --git a/src/lib/misc.c b/src/lib/misc.c
+index d0ccd6c..ad27057 100644
+--- a/src/lib/misc.c
+++ b/src/lib/misc.c
+@@ -845,7 +845,15 @@ int ip_hton(fr_ipaddr_t *out, int af, char const *hostname, bool fallback)
+ 	int rcode;
+ 	struct addrinfo hints, *ai = NULL, *alt = NULL, *res = NULL;
+ 
+	/*
+	 *	Avoid malloc for IP addresses.  This helps us debug
+	 *	memory errors when using talloc.
+	 */
+#ifdef TALLOC_DEBUG
+	if (true) {
+#else
+ 	if (!fr_hostname_lookups) {
+#endif
+ #ifdef HAVE_STRUCT_SOCKADDR_IN6
+ 		if (af == AF_UNSPEC) {
+ 			char const *p;
+@@ -872,22 +880,15 @@ int ip_hton(fr_ipaddr_t *out, int af, char const *hostname, bool fallback)
+ 	}
+ 
+ 	memset(&hints, 0, sizeof(hints));
+-	hints.ai_family = af;
+ 
+-#ifdef TALLOC_DEBUG
+ 	/*
+-	 *	Avoid malloc for IP addresses.  This helps us debug
+-	 *	memory errors when using talloc.
+	 *	If we're falling back we need both IPv4 and IPv6 records
+ 	 */
+-	if (af == AF_INET) {
+-		/*
+-		 *	If it's all numeric, avoid getaddrinfo()
+-		 */
+-		if (inet_pton(af, hostname, &out->ipaddr.ip4addr) == 1) {
+-			return 0;
+-		}
+	if (fallback) {
+		hints.ai_family = AF_UNSPEC;
+	} else {
+		hints.ai_family = af;
+ 	}
+-#endif
+ 
+ 	if ((rcode = getaddrinfo(hostname, NULL, &hints, &res)) != 0) {
+ 		fr_strerror_printf("ip_hton: %s", gai_strerror(rcode));
+-- 
+2.1.3
+
--- a/freeradius.spec
+++ b/freeradius.spec
@ -49,6 +49,8 @@ Patch25: freeradius-rad_counter-use-heredoc-for-help-message.patch
 Patch26: freeradius-rad_counter-Refine-help-message.patch
 Patch27: freeradius-dhcpclient-Add-a-short-description-to-help-output.patch
 Patch28: freeradius-raddb-Move-trigger.conf-INCLUDE-before-modules.patch
+Patch29: freeradius-Resolve-to-all-families-on-ip_hton-fallback.patch
+Patch30: freeradius-Don-t-overwrite-ip_hton-af-prefix-in-fr_pton4-6.patch

 %global docdir %{?_pkgdocdir}%{!?_pkgdocdir:%{_docdir}/%{name}-%{version}}

@ -233,6 +235,8 @@ This plugin provides the unixODBC support for the FreeRADIUS server project.
 %patch26 -p1
 %patch27 -p1
 %patch28 -p1
+%patch29 -p1
+%patch30 -p1

 %build
 # Force compile/link options, extra security for network facing daemon