Socat only checked the first character of the host name to decide if it is an IPv4 address

2024-12-22 15:32:35 +00:00 · 2018-07-29 11:30:40 +02:00 · 2018-07-29 11:30:40 +02:00 · 42864922e7
commit 42864922e7
parent 479d9cbbda
3 changed files with 10 additions and 24 deletions
--- a/6
+++ b/6
@ -49,6 +49,12 @@ corrections:
 	The syntax has now been changed from "[::1/128]" to "[::1]/128"!
 	Thanks Leah Neukirchen for sending an initial fix.

+	For name resolution Socat only checked the first character of the host
+	name to decide if it is an IPv4 address. This was not RFC conform. This
+	fix removes the possibility for use of IPv4 addresses with IPv6, e.g.
+	TCP6:127.0.0.1:80
+	Thanks to Nicolas Fournil for reporting this issue.
+
 testing:
 	test.sh: Show a warning when phase-1 (insecure phase) of a security
 	test fails
--- a/test.sh
+++ b/test.sh
@ -6761,6 +6761,8 @@ case "$TESTS" in
 *%$N%*|*%functions%*|*%tcp%*|*%tcp6%*|*%ip6%*|*%$NAME%*)
 TEST="$NAME: TCP4 mapped into TCP6 address space"
 if ! eval $NUMCOND; then :;
+elif true; then
+    $PRINTF "test $F_n $TEST... ${YELLOW}Feature reoved${NORMAL}\n" $N
 elif ! testaddrs tcp ip6 >/dev/null || ! runsip6 >/dev/null; then
    $PRINTF "test $F_n $TEST... ${YELLOW}TCP6 not available${NORMAL}\n" $N
    numCANT=$((numCANT+1))
--- a/xio-ip.c
+++ b/xio-ip.c
@ -167,30 +167,8 @@ int xiogetaddrinfo(const char *node, const char *service,
   /* the resolver functions might handle numeric forms of node names by
      reverse lookup, that's not what we want.
      So we detect these and handle them specially */
-   if (node && isdigit(node[0]&0xff)) {
-#if HAVE_GETADDRINFO
-      hints.ai_flags |= AI_NUMERICHOST;
-#endif /* HAVE_GETADDRINFO */
-      if (family == PF_UNSPEC) {
-	 family = PF_INET;
-#if HAVE_GETADDRINFO
-      } else if (family == PF_INET6) {
-	 /* map "explicitely" into IPv6 address space; getipnodebyname() does
-	    this with AI_V4MAPPED, but not getaddrinfo() */
-	 if ((numnode = Malloc(strlen(node)+7+1)) == NULL) {
-#if HAVE_RESOLV_H
-	    if (res_opts0 | res_opts1) {
-	       _res.options = (_res.options & (~res_opts0&~res_opts1) |
-			       save_res_opts& ( res_opts0| res_opts1));
-	    }
-#endif
-	    return STAT_NORETRY;
-	 }
-	 sprintf(numnode, "::ffff:%s", node);
-	 node = numnode;
-	 hints.ai_flags |= AI_NUMERICHOST;
-#endif /* HAVE_GETADDRINFO */
-      }
+   if (0) { 	/* for canonical reasons */
+      ;
 #if WITH_IP6
   } else if (node && node[0] == '[' && node[(nodelen=strlen(node))-1]==']') {
      if ((numnode = Malloc(nodelen-1)) == NULL) {