diff options
| author | Jeremie Courreges-Anglas <jca@cvs.openbsd.org> | 2016-08-31 13:43:37 +0000 |
|---|---|---|
| committer | Jeremie Courreges-Anglas <jca@cvs.openbsd.org> | 2016-08-31 13:43:37 +0000 |
| commit | cd83e68e2b8a76535d41b5ed7ed6686babbb619d (patch) | |
| tree | a54f5d40e1bc3bb980d049dfdd349829d92597ce /libexec | |
| parent | 2bf2db96121ba2de75ec70953996cc9738e8b2e5 (diff) | |
Don't attempt to support IPv4-mapped IPv6 addresses.
We don't consider support for those addreses as desirable, so let's not
give a bad example by keeping application code to handle them. This is
dead code on OpenBSD anyway since we do not support IPv4-mapped stuff.
But let's keep the check to log and warn the admin if the code gets
ported elsewhere. Porters of this code should ensure that IPv6 sockets
can't see IPv4-mapped addresses by using the IPV6_V6ONLY sockopt.
Discussed with & ok tedu@
For a rationale, see https://tools.ietf.org/html/draft-itojun-v6ops-v4mapped-harmful-02
Diffstat (limited to 'libexec')
| -rw-r--r-- | libexec/ftpd/ftpd.c | 42 |
1 files changed, 5 insertions, 37 deletions
diff --git a/libexec/ftpd/ftpd.c b/libexec/ftpd/ftpd.c index 1cc13cd5c5d..53bdd5ddf5d 100644 --- a/libexec/ftpd/ftpd.c +++ b/libexec/ftpd/ftpd.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ftpd.c,v 1.220 2016/08/30 14:56:39 tedu Exp $ */ +/* $OpenBSD: ftpd.c,v 1.221 2016/08/31 13:43:36 jca Exp $ */ /* $NetBSD: ftpd.c,v 1.15 1995/06/03 22:46:47 mycroft Exp $ */ /* @@ -526,42 +526,10 @@ main(int argc, char *argv[]) } if (his_addr.su_family == AF_INET6 && IN6_IS_ADDR_V4MAPPED(&his_addr.su_sin6.sin6_addr)) { -#if 1 - /* - * IPv4 control connection arrived to AF_INET6 socket. - * I hate to do this, but this is the easiest solution. - */ - union sockunion tmp_addr; - const int off = sizeof(struct in6_addr) - sizeof(struct in_addr); - - tmp_addr = his_addr; - memset(&his_addr, 0, sizeof(his_addr)); - his_addr.su_sin.sin_family = AF_INET; - his_addr.su_sin.sin_len = sizeof(his_addr.su_sin); - memcpy(&his_addr.su_sin.sin_addr, - &tmp_addr.su_sin6.sin6_addr.s6_addr[off], - sizeof(his_addr.su_sin.sin_addr)); - his_addr.su_sin.sin_port = tmp_addr.su_sin6.sin6_port; - - tmp_addr = ctrl_addr; - memset(&ctrl_addr, 0, sizeof(ctrl_addr)); - ctrl_addr.su_sin.sin_family = AF_INET; - ctrl_addr.su_sin.sin_len = sizeof(ctrl_addr.su_sin); - memcpy(&ctrl_addr.su_sin.sin_addr, - &tmp_addr.su_sin6.sin6_addr.s6_addr[off], - sizeof(ctrl_addr.su_sin.sin_addr)); - ctrl_addr.su_sin.sin_port = tmp_addr.su_sin6.sin6_port; -#else - while (fgets(line, sizeof(line), fd) != NULL) { - line[strcspn(line, "\n")] = '\0'; - lreply(530, "%s", line); - } - (void) fflush(stdout); - (void) close(fd); - reply(530, - "Connection from IPv4 mapped address is not supported."); - exit(0); -#endif + syslog(LOG_WARNING, + "Connection from IPv4 mapped address is not supported."); + reply(530, "System not available."); + exit(1); } if (his_addr.su_family == AF_INET) { tos = IPTOS_LOWDELAY; |