bin/115960: sshd's X11 forwarding broken on IPv6 only machine [patch].

Mark Andrews marka at isc.org
Thu Aug 30 19:10:02 PDT 2007


>Number:         115960
>Category:       bin
>Synopsis:       sshd's X11 forwarding broken on IPv6 only machine [patch].
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Fri Aug 31 02:10:01 GMT 2007
>Closed-Date:
>Last-Modified:
>Originator:     Mark Andrews
>Release:        FreeBSD 6.2-STABLE i386
>Organization:
ISC
>Environment:
System: FreeBSD drugs.dv.isc.org 6.2-STABLE FreeBSD 6.2-STABLE #17: Fri Aug 3 08:01:36 EST 2007 marka at drugs.dv.isc.org:/usr/obj/usr/src/sys/DRUGS i386


>Description:

	OpenSSH X11 forwarding fails on a system without IPv4
	interfaces.
	
>How-To-Repeat:

	Disable the IPv4 interface setup, including lo0.

	e.g.
		ifconfig_lo0=up
		ifconfig_xxx0=NOAUTO

	You should end up with something like this.

% ifconfig
bge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        options=1b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING>
        inet6 fe80::214:22ff:fed9:fbdc%bge0 prefixlen 64 scopeid 0x1 
        inet6 2001:470:1f00:820:214:22ff:fed9:fbdc prefixlen 64 autoconf 
        ether 00:14:22:d9:fb:dc
        media: Ethernet autoselect (10baseT/UTP <half-duplex>)
        status: active
iwi0: flags=8802<BROADCAST,SIMPLEX,MULTICAST> mtu 1500
        ether 00:16:6f:46:b7:5d
        media: IEEE 802.11 Wireless Ethernet autoselect
        status: no carrier
        ssid "" channel 1
        authmode OPEN privacy OFF txpowmax 100 bmiss 10 protmode CTS
plip0: flags=108810<POINTOPOINT,SIMPLEX,MULTICAST,NEEDSGIANT> mtu 1500
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
        inet6 ::1 prefixlen 128 
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x4 
% 

	Attempt to ssh into the machine and forward X11.

>Fix:

	The existing code works if and only if the address family that
	fails is *not* the last address family in the list returned
	by getaddrinfo().

	The solution is to look at errno to decide if the bind(2) failure
	should cause sshd to move to the next port or not.

	Mark

Index: crypto/openssh/channels.c
===================================================================
RCS file: /home/ncvs/src/crypto/openssh/channels.c,v
retrieving revision 1.20.2.2
diff -u -r1.20.2.2 channels.c
--- crypto/openssh/channels.c	6 Oct 2006 14:07:12 -0000	1.20.2.2
+++ crypto/openssh/channels.c	30 Aug 2007 07:33:12 -0000
@@ -2892,10 +2892,11 @@
 #endif
 			channel_set_reuseaddr(sock);
 			if (bind(sock, ai->ai_addr, ai->ai_addrlen) < 0) {
+				int save_errno = errno;
 				debug2("bind port %d: %.100s", port, strerror(errno));
 				close(sock);
 
-				if (ai->ai_next)
+				if (save_errno == EADDRNOTAVAIL)
 					continue;
 
 				for (n = 0; n < num_socks; n++) {
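
Review bot: the new test "if (save_errno == EADDRNOTAVAIL)" needs a comment saying why this one errno means "skip this address and keep trying the same port", because every other bind(2) failure now falls through to the cleanup loop at "for (n = 0; n < num_socks; n++)" whether or not ai->ai_next is set. In the same hunk, the debug2() call on the line after the save still passes strerror(errno); passing strerror(save_errno) would make the logged value the same one the decision is based on.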

>Release-Note:
>Audit-Trail:
>Unformatted:

