summaryrefslogtreecommitdiff
path: root/crypto
diff options
context:
space:
mode:
authorDag-Erling Smørgrav <des@FreeBSD.org>2025-11-04 12:31:48 +0100
committerDag-Erling Smørgrav <des@FreeBSD.org>2025-11-04 12:31:48 +0100
commite5ff8e7977434b150a66bb3e472c6d0e0f644cfa (patch)
tree15378b5e95ef1689f2d6c0b8f4611e3077dc6e4e /crypto
parent3ccb2d9513e6a2e046e635c186da68acf8f8498b (diff)
openssh: Don't try to bind to unsupported addresses
When selecting an address to bind to, skip IPv4 addresses if the kernel does not support the inet feature, and IPv6 addresses if the kernel does not support the inet6 feature. PR: 195231 MFC after: 1 week Reviewed by: emaste Differential Revision: https://reviews.freebsd.org/D53561
Diffstat (limited to 'crypto')
-rw-r--r--crypto/openssh/sshconnect.c6
1 files changed, 6 insertions, 0 deletions
diff --git a/crypto/openssh/sshconnect.c b/crypto/openssh/sshconnect.c
index c86182d13673..cb45d719f961 100644
--- a/crypto/openssh/sshconnect.c
+++ b/crypto/openssh/sshconnect.c
@@ -303,6 +303,8 @@ check_ifaddrs(const char *ifname, int af, const struct ifaddrs *ifaddrs,
* Prefer addresses that are not loopback or linklocal, but use them
* if nothing else matches.
*/
+ int inet_supported = feature_present("inet");
+ int inet6_supported = feature_present("inet6");
for (allow_local = 0; allow_local < 2; allow_local++) {
for (ifa = ifaddrs; ifa != NULL; ifa = ifa->ifa_next) {
if (ifa->ifa_addr == NULL || ifa->ifa_name == NULL ||
@@ -312,6 +314,8 @@ check_ifaddrs(const char *ifname, int af, const struct ifaddrs *ifaddrs,
continue;
switch (ifa->ifa_addr->sa_family) {
case AF_INET:
+ if (!inet_supported)
+ continue;
sa = (struct sockaddr_in *)ifa->ifa_addr;
if (!allow_local && sa->sin_addr.s_addr ==
htonl(INADDR_LOOPBACK))
@@ -324,6 +328,8 @@ check_ifaddrs(const char *ifname, int af, const struct ifaddrs *ifaddrs,
memcpy(resultp, sa, *rlenp);
return 0;
case AF_INET6:
+ if (!inet6_supported)
+ continue;
sa6 = (struct sockaddr_in6 *)ifa->ifa_addr;
v6addr = &sa6->sin6_addr;
if (!allow_local &&
generated by cgit v1.2.3 (git 2.25.1) at 2026-01-19 11:54:22 +0000