Message ID | 20170519180342.19618-5-berrange@redhat.com (mailing list archive) |
---|---|
State | New, archived |
Headers | show |
On 05/19/2017 03:03 PM, Daniel P. Berrange wrote: > The original InetSocketAddress struct may have has_ipv4 and > has_ipv6 fields set, which will control both the ai_family > used during DNS resolution, and later use of the V6ONLY > flag. > > Currently the standalone DNS resolver code drops the > has_ipv4 & has_ipv6 flags after resolving, which means > the later bind() code won't correctly set V6ONLY. > > This fixes the following scenarios > > -vnc :0,ipv4=off > -vnc :0,ipv6=on > -vnc :::0,ipv4=off > -vnc :::0,ipv6=on > > which all mistakenly accepted IPv4 clients > > Signed-off-by: Daniel P. Berrange <berrange@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> > --- > io/dns-resolver.c | 6 ++++-- > 1 file changed, 4 insertions(+), 2 deletions(-) > > diff --git a/io/dns-resolver.c b/io/dns-resolver.c > index 57a8896..c072d12 100644 > --- a/io/dns-resolver.c > +++ b/io/dns-resolver.c > @@ -116,8 +116,10 @@ static int qio_dns_resolver_lookup_sync_inet(QIODNSResolver *resolver, > .numeric = true, > .has_to = iaddr->has_to, > .to = iaddr->to, > - .has_ipv4 = false, > - .has_ipv6 = false, > + .has_ipv4 = iaddr->has_ipv4, > + .ipv4 = iaddr->ipv4, > + .has_ipv6 = iaddr->has_ipv6, > + .ipv6 = iaddr->ipv6, > }; > > (*addrs)[i] = newaddr; >
On 05/19/2017 01:03 PM, Daniel P. Berrange wrote: > The original InetSocketAddress struct may have has_ipv4 and > has_ipv6 fields set, which will control both the ai_family > used during DNS resolution, and later use of the V6ONLY > flag. > > Currently the standalone DNS resolver code drops the > has_ipv4 & has_ipv6 flags after resolving, which means > the later bind() code won't correctly set V6ONLY. > > This fixes the following scenarios > > -vnc :0,ipv4=off > -vnc :0,ipv6=on > -vnc :::0,ipv4=off > -vnc :::0,ipv6=on > > which all mistakenly accepted IPv4 clients > > Signed-off-by: Daniel P. Berrange <berrange@redhat.com> > --- > io/dns-resolver.c | 6 ++++-- > 1 file changed, 4 insertions(+), 2 deletions(-) > Reviewed-by: Eric Blake <eblake@redhat.com>
diff --git a/io/dns-resolver.c b/io/dns-resolver.c index 57a8896..c072d12 100644 --- a/io/dns-resolver.c +++ b/io/dns-resolver.c @@ -116,8 +116,10 @@ static int qio_dns_resolver_lookup_sync_inet(QIODNSResolver *resolver, .numeric = true, .has_to = iaddr->has_to, .to = iaddr->to, - .has_ipv4 = false, - .has_ipv6 = false, + .has_ipv4 = iaddr->has_ipv4, + .ipv4 = iaddr->ipv4, + .has_ipv6 = iaddr->has_ipv6, + .ipv6 = iaddr->ipv6, }; (*addrs)[i] = newaddr;
The original InetSocketAddress struct may have has_ipv4 and has_ipv6 fields set, which will control both the ai_family used during DNS resolution, and later use of the V6ONLY flag. Currently the standalone DNS resolver code drops the has_ipv4 & has_ipv6 flags after resolving, which means the later bind() code won't correctly set V6ONLY. This fixes the following scenarios -vnc :0,ipv4=off -vnc :0,ipv6=on -vnc :::0,ipv4=off -vnc :::0,ipv6=on which all mistakenly accepted IPv4 clients Signed-off-by: Daniel P. Berrange <berrange@redhat.com> --- io/dns-resolver.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-)