Package: tftpd-hpa
Version: 5.2+20140608-3
Severity: important

This commit:

 tftp: convert IPv6-mapped IPv4 addresses to IPv4

 If we receive IPv4 addresses mapped to IPv6, convert them back to IPv4
 so that mapping scripts which use \i behave sanely.

 Signed-off-by: H. Peter Anvin <[email protected]>

Totally breaks IPv4 support when tftpd is used with an IPv6 listening socket
(eg when invoked from systemd)

The issue is that the tftpd caller assumes that 'from' and 'myaddr' have the
same AF, however the above patch only cannonizes 'myaddr'. Ultimately this
results in the daemon attempting to use a socket with two address families and
fails:

recvmsg(0, {msg_name(28)={sa_family=AF_INET6, sin6_port=htons(34500), 
inet_pton(AF_INET6, "::ffff:10.0.0.192", &sin6_addr), sin6_flowinfo=0, 
sin6_scope_id=0}, msg_iov(1)=[{"\0\1pxelinux.0\0netascii\0", 65468}], 
msg_controllen=40, {cmsg_len=36, cmsg_level=SOL_IPV6, cmsg_type=, ...}, 
msg_flags=0}, 0) = 22
[..]
[pid  3757] socket(PF_INET, SOCK_DGRAM, IPPROTO_IP) = 0
[..]
[pid  3757] bind(0, {sa_family=AF_INET, sin_port=htons(0), 
sin_addr=inet_addr("10.0.0.2")}, 16) = 0
[pid  3757] connect(0, {sa_family=AF_INET6, sin6_port=htons(34500), 
inet_pton(AF_INET6, "::ffff:10.0.0.192", &sin6_addr), sin6_flowinfo=0, 
sin6_scope_id=0}, 28) = -1 EAFNOSUPPORT (Address family not supported by 
protocol)
[pid  3757] sendto(3, "<27>Jul 28 15:32:20 tftpd[3757]: connect: Address family 
not supported by protocol", 82, MSG_NOSIGNAL, NULL, 0) = 82

This makes the daemon utterly unusable.

Suggest this tested patch:

--- ../x/tftp-hpa-5.2+20140608/tftpd/recvfrom.c 2014-07-29 20:31:34.000000000 
-0600
+++ tftpd/recvfrom.c    2015-07-28 15:42:12.533074001 -0600
@@ -24,6 +24,8 @@
 #include <machine/param.h>      /* Needed on some versions of FreeBSD */
 #endif
 
+#include <assert.h>
+
 #if defined(HAVE_RECVMSG) && defined(HAVE_MSGHDR_MSG_CONTROL)
 
 #include <sys/uio.h>
@@ -253,6 +255,8 @@
                 }
 #endif
                normalize_ip6_compat(myaddr);
+               normalize_ip6_compat((union sock_addr *)from);
+               assert(from->sa_family == myaddr->sa.sa_family);
             }
 #endif
         }

-- System Information:
Debian Release: 8.1
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.18.17 (SMP w/4 CPU cores)
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages tftpd-hpa depends on:
ii  adduser                3.113+nmu3
ii  debconf [debconf-2.0]  1.5.56
ii  libc6                  2.19-18
ii  libwrap0               7.6.q-25

tftpd-hpa recommends no packages.

Versions of packages tftpd-hpa suggests:
pn  pxelinux  <none>

-- debconf information excluded


-- 
To UNSUBSCRIBE, email to [email protected]
with a subject of "unsubscribe". Trouble? Contact [email protected]

Reply via email to