[openssl] master update

tomas at openssl.org tomas at openssl.org
Fri Jul 16 06:58:22 UTC 2021


The branch master has been updated
       via  09c1db3399d682523443af64158e1862082da23e (commit)
      from  52f7e44ec88a4d803dc9783cd7c71f87014ae3ee (commit)


- Log -----------------------------------------------------------------
commit 09c1db3399d682523443af64158e1862082da23e
Author: Daiki Ueno <dueno at redhat.com>
Date:   Wed Jul 14 11:15:34 2021 +0200

    apps: Use the first detected address family if IPv6 is not available
    
    This is a follow up of 15729bef385211bc2a0497e2d53a45c45d677d2c.  Even
    when the host does not support IPv6 at all, BIO_lookup_ex may now
    return IN6ADDR_ANY in addition to INADDR_ANY, as the second element of
    the ai_next field.
    
    After eee8a40aa5e06841eed6fa8eb4f6109238d59aea, the do_server function
    prefers the IPv6 address and fails on the BIO_socket call.  This adds
    a fallback code to retry with the IPv4 address returned as the first
    element to avoid the error.
    
    The failure had been partially avoided in the previous code with
    AI_ADDRCONFIG, because getaddrinfo returns only IPv4 address if no
    IPv6 address is associated with external interface.  However, it would
    be still a problem if the external interface has an IPv6 address
    assigned, while the loopback interface doesn't.
    
    Signed-off-by: Daiki Ueno <dueno at redhat.com>
    
    Reviewed-by: Paul Dale <pauli at openssl.org>
    Reviewed-by: Tomas Mraz <tomas at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/16074)

-----------------------------------------------------------------------

Summary of changes:
 apps/lib/s_socket.c | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/apps/lib/s_socket.c b/apps/lib/s_socket.c
index bddf16045f..6884fd86cd 100644
--- a/apps/lib/s_socket.c
+++ b/apps/lib/s_socket.c
@@ -267,6 +267,8 @@ int do_server(int *accept_sock, const char *host, const char *port,
     const BIO_ADDRINFO *next;
     int sock_family, sock_type, sock_protocol, sock_port;
     const BIO_ADDR *sock_address;
+    int sock_family_fallback = AF_UNSPEC;
+    const BIO_ADDR *sock_address_fallback = NULL;
     int sock_options = BIO_SOCK_REUSEADDR;
     int ret = 0;
 
@@ -298,6 +300,10 @@ int do_server(int *accept_sock, const char *host, const char *port,
             && BIO_ADDRINFO_protocol(next) == sock_protocol) {
         if (sock_family == AF_INET
                 && BIO_ADDRINFO_family(next) == AF_INET6) {
+            /* In case AF_INET6 is returned but not supported by the
+             * kernel, retry with the first detected address family */
+            sock_family_fallback = sock_family;
+            sock_address_fallback = sock_address;
             sock_family = AF_INET6;
             sock_address = BIO_ADDRINFO_address(next);
         } else if (sock_family == AF_INET6
@@ -308,6 +314,10 @@ int do_server(int *accept_sock, const char *host, const char *port,
 #endif
 
     asock = BIO_socket(sock_family, sock_type, sock_protocol, 0);
+    if (asock == INVALID_SOCKET && sock_family_fallback != AF_UNSPEC) {
+        asock = BIO_socket(sock_family_fallback, sock_type, sock_protocol, 0);
+        sock_address = sock_address_fallback;
+    }
     if (asock == INVALID_SOCKET
         || !BIO_listen(asock, sock_address, sock_options)) {
         BIO_ADDRINFO_free(res);


More information about the openssl-commits mailing list