mirror of
https://repo.or.cz/socat.git
synced 2024-12-22 23:42:34 +00:00
Socat only checked the first character of the host name to decide if it is an IPv4 address
This commit is contained in:
parent
479d9cbbda
commit
42864922e7
3 changed files with 10 additions and 24 deletions
6
CHANGES
6
CHANGES
|
@ -49,6 +49,12 @@ corrections:
|
||||||
The syntax has now been changed from "[::1/128]" to "[::1]/128"!
|
The syntax has now been changed from "[::1/128]" to "[::1]/128"!
|
||||||
Thanks Leah Neukirchen for sending an initial fix.
|
Thanks Leah Neukirchen for sending an initial fix.
|
||||||
|
|
||||||
|
For name resolution Socat only checked the first character of the host
|
||||||
|
name to decide if it is an IPv4 address. This was not RFC conform. This
|
||||||
|
fix removes the possibility for use of IPv4 addresses with IPv6, e.g.
|
||||||
|
TCP6:127.0.0.1:80
|
||||||
|
Thanks to Nicolas Fournil for reporting this issue.
|
||||||
|
|
||||||
testing:
|
testing:
|
||||||
test.sh: Show a warning when phase-1 (insecure phase) of a security
|
test.sh: Show a warning when phase-1 (insecure phase) of a security
|
||||||
test fails
|
test fails
|
||||||
|
|
2
test.sh
2
test.sh
|
@ -6761,6 +6761,8 @@ case "$TESTS" in
|
||||||
*%$N%*|*%functions%*|*%tcp%*|*%tcp6%*|*%ip6%*|*%$NAME%*)
|
*%$N%*|*%functions%*|*%tcp%*|*%tcp6%*|*%ip6%*|*%$NAME%*)
|
||||||
TEST="$NAME: TCP4 mapped into TCP6 address space"
|
TEST="$NAME: TCP4 mapped into TCP6 address space"
|
||||||
if ! eval $NUMCOND; then :;
|
if ! eval $NUMCOND; then :;
|
||||||
|
elif true; then
|
||||||
|
$PRINTF "test $F_n $TEST... ${YELLOW}Feature reoved${NORMAL}\n" $N
|
||||||
elif ! testaddrs tcp ip6 >/dev/null || ! runsip6 >/dev/null; then
|
elif ! testaddrs tcp ip6 >/dev/null || ! runsip6 >/dev/null; then
|
||||||
$PRINTF "test $F_n $TEST... ${YELLOW}TCP6 not available${NORMAL}\n" $N
|
$PRINTF "test $F_n $TEST... ${YELLOW}TCP6 not available${NORMAL}\n" $N
|
||||||
numCANT=$((numCANT+1))
|
numCANT=$((numCANT+1))
|
||||||
|
|
26
xio-ip.c
26
xio-ip.c
|
@ -167,30 +167,8 @@ int xiogetaddrinfo(const char *node, const char *service,
|
||||||
/* the resolver functions might handle numeric forms of node names by
|
/* the resolver functions might handle numeric forms of node names by
|
||||||
reverse lookup, that's not what we want.
|
reverse lookup, that's not what we want.
|
||||||
So we detect these and handle them specially */
|
So we detect these and handle them specially */
|
||||||
if (node && isdigit(node[0]&0xff)) {
|
if (0) { /* for canonical reasons */
|
||||||
#if HAVE_GETADDRINFO
|
;
|
||||||
hints.ai_flags |= AI_NUMERICHOST;
|
|
||||||
#endif /* HAVE_GETADDRINFO */
|
|
||||||
if (family == PF_UNSPEC) {
|
|
||||||
family = PF_INET;
|
|
||||||
#if HAVE_GETADDRINFO
|
|
||||||
} else if (family == PF_INET6) {
|
|
||||||
/* map "explicitely" into IPv6 address space; getipnodebyname() does
|
|
||||||
this with AI_V4MAPPED, but not getaddrinfo() */
|
|
||||||
if ((numnode = Malloc(strlen(node)+7+1)) == NULL) {
|
|
||||||
#if HAVE_RESOLV_H
|
|
||||||
if (res_opts0 | res_opts1) {
|
|
||||||
_res.options = (_res.options & (~res_opts0&~res_opts1) |
|
|
||||||
save_res_opts& ( res_opts0| res_opts1));
|
|
||||||
}
|
|
||||||
#endif
|
|
||||||
return STAT_NORETRY;
|
|
||||||
}
|
|
||||||
sprintf(numnode, "::ffff:%s", node);
|
|
||||||
node = numnode;
|
|
||||||
hints.ai_flags |= AI_NUMERICHOST;
|
|
||||||
#endif /* HAVE_GETADDRINFO */
|
|
||||||
}
|
|
||||||
#if WITH_IP6
|
#if WITH_IP6
|
||||||
} else if (node && node[0] == '[' && node[(nodelen=strlen(node))-1]==']') {
|
} else if (node && node[0] == '[' && node[(nodelen=strlen(node))-1]==']') {
|
||||||
if ((numnode = Malloc(nodelen-1)) == NULL) {
|
if ((numnode = Malloc(nodelen-1)) == NULL) {
|
||||||
|
|
Loading…
Reference in a new issue