diff --git a/CHANGES b/CHANGES index 212c51c..b40e8c3 100644 --- a/CHANGES +++ b/CHANGES @@ -49,6 +49,12 @@ corrections: The syntax has now been changed from "[::1/128]" to "[::1]/128"! Thanks Leah Neukirchen for sending an initial fix. + For name resolution Socat only checked the first character of the host + name to decide if it is an IPv4 address. This was not RFC conform. This + fix removes the possibility for use of IPv4 addresses with IPv6, e.g. + TCP6:127.0.0.1:80 + Thanks to Nicolas Fournil for reporting this issue. + testing: test.sh: Show a warning when phase-1 (insecure phase) of a security test fails diff --git a/test.sh b/test.sh index 6a7d3eb..f23fcf5 100755 --- a/test.sh +++ b/test.sh @@ -6761,6 +6761,8 @@ case "$TESTS" in *%$N%*|*%functions%*|*%tcp%*|*%tcp6%*|*%ip6%*|*%$NAME%*) TEST="$NAME: TCP4 mapped into TCP6 address space" if ! eval $NUMCOND; then :; +elif true; then + $PRINTF "test $F_n $TEST... ${YELLOW}Feature reoved${NORMAL}\n" $N elif ! testaddrs tcp ip6 >/dev/null || ! runsip6 >/dev/null; then $PRINTF "test $F_n $TEST... ${YELLOW}TCP6 not available${NORMAL}\n" $N numCANT=$((numCANT+1)) diff --git a/xio-ip.c b/xio-ip.c index 67fcd75..14d6284 100644 --- a/xio-ip.c +++ b/xio-ip.c @@ -167,30 +167,8 @@ int xiogetaddrinfo(const char *node, const char *service, /* the resolver functions might handle numeric forms of node names by reverse lookup, that's not what we want. So we detect these and handle them specially */ - if (node && isdigit(node[0]&0xff)) { -#if HAVE_GETADDRINFO - hints.ai_flags |= AI_NUMERICHOST; -#endif /* HAVE_GETADDRINFO */ - if (family == PF_UNSPEC) { - family = PF_INET; -#if HAVE_GETADDRINFO - } else if (family == PF_INET6) { - /* map "explicitely" into IPv6 address space; getipnodebyname() does - this with AI_V4MAPPED, but not getaddrinfo() */ - if ((numnode = Malloc(strlen(node)+7+1)) == NULL) { -#if HAVE_RESOLV_H - if (res_opts0 | res_opts1) { - _res.options = (_res.options & (~res_opts0&~res_opts1) | - save_res_opts& ( res_opts0| res_opts1)); - } -#endif - return STAT_NORETRY; - } - sprintf(numnode, "::ffff:%s", node); - node = numnode; - hints.ai_flags |= AI_NUMERICHOST; -#endif /* HAVE_GETADDRINFO */ - } + if (0) { /* for canonical reasons */ + ; #if WITH_IP6 } else if (node && node[0] == '[' && node[(nodelen=strlen(node))-1]==']') { if ((numnode = Malloc(nodelen-1)) == NULL) {