Bug 20732 - glibc may not correctly set "socklen_t addrlen" when accept(2)'ing an ipv6 connection
Status: CLOSED NOTABUG
Product: Red Hat Linux
Classification: Retired
Component: glibc
Version: 7.0
Hardware: i386 Linux
Priority: medium, Severity: medium
Assigned To: Jakub Jelinek
Aaron Brown
Reported: 2000-11-12 17:06 EST by Gordon Messmer
Modified: 2016-11-24 10:02 EST
Last Closed: 2000-11-12 17:06:48 EST
Description Gordon Messmer 2000-11-12 17:06:45 EST
The Courier mail server (http://www.courier-mta.org) demonstrates a problem
which may be a bug in glibc. When connecting to any local port that
courier listens on (telnet localhost 25), courier tcpd accept()s an
AF_INET6 connection. It attempts to verify the validity of the connection;
during one of its checks, it compares the sizeof( struct sockaddr_in6 )
with the addrlen given by the call to accept(). The addrlen is 24, while
sizeof( struct sockaddr_in6 ) is 28. Therefore, the test fails and the
connection is dropped.

The man page for accept states that addrlen will be set to "the actual
length (in bytes) of the address returned". Courier, then, expects the
addrlen to be at least the size of a struct sockaddr_in6.

The kernel headers on this system are those from 2.2.16-22.
Comment 1 Jakub Jelinek 2000-11-16 09:15:58 EST
If you want to use IPv6, you must use 2.4 kernels. This is actually not related
to glibc at all, because glibc accept directly passes its arguments to
the kernel. IPv6 is a moving target and e.g. struct sockaddr_in6 has been
updated in 2.4 by adding sin6_scope_id.
Comment 2 Vadim Nasardinov 2005-08-24 11:29:50 EDT
Noa Resare filed a bug with Sun.  See bug 163006, comment #4.

It's a bug in Sun's JVM.  In comment #2, Ben Stringer writes:

 | connect(4, {sa_family=AF_INET6, sin6_port=htons(32774),
 | inet_pton(AF_INET6, "::1", &sin6_addr), sin6_flowinfo=0,
 | sin6_scope_id=3213364936}, 24) = -1 EINVAL

Note that the value of the "addrlen" parameter to "connect" is 24 in
the above call.  It should be 28, because
sizeof(struct sockaddr_in6) is 28.
Comment 3 Vadim Nasardinov 2005-08-24 11:31:18 EDT
Oops, sorry. Had too many tickets open in Firefox. Posted a comment
on the wrong ticket.
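
Added example (not part of the bug thread, and not Courier's or glibc's code): a peer-address length check that tolerates the 24-byte sockaddr_in6 discussed above by requiring only the bytes before sin6_scope_id and zero-filling the rest, so an unreported scope id is never read from stale memory. The names peer_addr_normalize and sample_scope_id are hypothetical, and the sample address is constructed.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stddef.h>
#include <string.h>
#include <sys/socket.h>

/* Bytes of sockaddr_in6 that precede sin6_scope_id: 24 where the full struct is 28. */
#define SIN6_LEN_NO_SCOPE ((socklen_t)offsetof(struct sockaddr_in6, sin6_scope_id))

/* Hypothetical helper: copy a peer address reported by accept() into zeroed
 * storage. Returns 0 on success, -1 if len cannot hold the family's mandatory
 * fields. Fields the kernel did not report stay 0 instead of stale bytes. */
int peer_addr_normalize(const void *buf, socklen_t len, struct sockaddr_storage *out)
{
    sa_family_t family;
    socklen_t need, full;

    memset(out, 0, sizeof *out);
    if (len < offsetof(struct sockaddr, sa_data) || len > sizeof *out)
        return -1;
    memcpy(&family, (const char *)buf + offsetof(struct sockaddr, sa_family), sizeof family);
    if (family != AF_INET && family != AF_INET6)
        return -1;
    full = family == AF_INET ? sizeof(struct sockaddr_in) : sizeof(struct sockaddr_in6);
    need = family == AF_INET ? full : SIN6_LEN_NO_SCOPE; /* allow the 24-byte layout */
    if (len < need)
        return -1;
    memcpy(out, buf, len < full ? len : full);
    return 0;
}

/* Constructed sample: [::1]:25 whose tail bytes hold scope id 3. Returns the
 * scope id seen after normalisation for a given reported length, or -1. */
long sample_scope_id(socklen_t reported_len)
{
    struct sockaddr_in6 raw, norm;
    struct sockaddr_storage ss;
    memset(&raw, 0, sizeof raw);
    raw.sin6_family = AF_INET6;
    raw.sin6_port = htons(25);
    raw.sin6_addr = in6addr_loopback;
    raw.sin6_scope_id = 3;
    if (peer_addr_normalize(&raw, reported_len, &ss) != 0)
        return -1;
    memcpy(&norm, &ss, sizeof norm);
    return (long)norm.sin6_scope_id;
}

int main(void) { return sample_scope_id(24) == 0 ? 0 : 1; }
```

With a reported length of 24 the bytes past offset 24 are ignored and the scope id reads as 0; a length below 24 for AF_INET6 is rejected.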
