[ipfire-2.x.git] / src / patches / dnsmasq / 0089-Check-IPv4-mapped-IPv6-addresses-with--stop-rebind.patch

From b059c96dc69dfe3055c5b32b078a05c53b11ebb3 Mon Sep 17 00:00:00 2001
From: Simon Kelley <simon@thekelleys.org.uk>
Date: Fri, 8 May 2015 20:25:51 +0100
Subject: [PATCH] Check IPv4-mapped IPv6 addresses with --stop-rebind.

---
 CHANGELOG     |    3 +++
 src/rfc1035.c |   21 +++++++++++++++++----
 2 files changed, 20 insertions(+), 4 deletions(-)

diff --git a/CHANGELOG b/CHANGELOG
index d8fc57a..94a521f 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -115,6 +115,9 @@ version 2.73
 	    header to 1280 bytes. If it then answers, make that
 	    change permanent.
 
+	    Check IPv4-mapped IPv6 addresses when --stop-rebind
+	    is active. Thanks to Jordan Milne for spotting this.
+
 	
 version 2.72
             Add ra-advrouter mode, for RFC-3775 mobile IPv6 support.
diff --git a/src/rfc1035.c b/src/rfc1035.c
index 8b1709d..5e3f566 100644
--- a/src/rfc1035.c
+++ b/src/rfc1035.c
@@ -1117,10 +1117,23 @@ int extract_addresses(struct dns_header *header, size_t qlen, char *name, time_t
 		      memcpy(&addr, p1, addrlen);
 		      
 		      /* check for returned address in private space */
-		      if (check_rebind &&
-			  (flags & F_IPV4) &&
-			  private_net(addr.addr.addr4, !option_bool(OPT_LOCAL_REBIND)))
-			return 1;
+		      if (check_rebind)
+			{
+			  if ((flags & F_IPV4) &&
+			      private_net(addr.addr.addr4, !option_bool(OPT_LOCAL_REBIND)))
+			    return 1;
+			  
+#ifdef HAVE_IPV6
+			  if ((flags & F_IPV6) &&
+			      IN6_IS_ADDR_V4MAPPED(&addr.addr.addr6))
+			    {
+			      struct in_addr v4;
+			      v4.s_addr = ((const uint32_t *) (&addr.addr.addr6))[3];
+			      if (private_net(v4, !option_bool(OPT_LOCAL_REBIND)))
+				return 1;
+			    }
+#endif
+			}
 		      
 #ifdef HAVE_IPSET
 		      if (ipsets && (flags & (F_IPV4 | F_IPV6)))
-- 
1.7.10.4
Commit	Line	Data
7cbd5332 MF	1	From b059c96dc69dfe3055c5b32b078a05c53b11ebb3 Mon Sep 17 00:00:00 2001
	2	From: Simon Kelley <simon@thekelleys.org.uk>
	3	Date: Fri, 8 May 2015 20:25:51 +0100
	4	Subject: [PATCH] Check IPv4-mapped IPv6 addresses with --stop-rebind.
	5
	6	---
	7	CHANGELOG \| 3 +++
	8	src/rfc1035.c \| 21 +++++++++++++++++----
	9	2 files changed, 20 insertions(+), 4 deletions(-)
	10
	11	diff --git a/CHANGELOG b/CHANGELOG
	12	index d8fc57a..94a521f 100644
	13	--- a/CHANGELOG
	14	+++ b/CHANGELOG
	15	@@ -115,6 +115,9 @@ version 2.73
	16	header to 1280 bytes. If it then answers, make that
	17	change permanent.
	18
	19	+ Check IPv4-mapped IPv6 addresses when --stop-rebind
	20	+ is active. Thanks to Jordan Milne for spotting this.
	21	+
	22
	23	version 2.72
	24	Add ra-advrouter mode, for RFC-3775 mobile IPv6 support.
	25	diff --git a/src/rfc1035.c b/src/rfc1035.c
	26	index 8b1709d..5e3f566 100644
	27	--- a/src/rfc1035.c
	28	+++ b/src/rfc1035.c
	29	@@ -1117,10 +1117,23 @@ int extract_addresses(struct dns_header header, size_t qlen, char name, time_t
	30	memcpy(&addr, p1, addrlen);
	31
	32	/* check for returned address in private space */
	33	- if (check_rebind &&
	34	- (flags & F_IPV4) &&
	35	- private_net(addr.addr.addr4, !option_bool(OPT_LOCAL_REBIND)))
	36	- return 1;
	37	+ if (check_rebind)
	38	+ {
	39	+ if ((flags & F_IPV4) &&
	40	+ private_net(addr.addr.addr4, !option_bool(OPT_LOCAL_REBIND)))
	41	+ return 1;
	42	+
	43	+#ifdef HAVE_IPV6
	44	+ if ((flags & F_IPV6) &&
	45	+ IN6_IS_ADDR_V4MAPPED(&addr.addr.addr6))
	46	+ {
	47	+ struct in_addr v4;
	48	+ v4.s_addr = ((const uint32_t *) (&addr.addr.addr6))[3];
	49	+ if (private_net(v4, !option_bool(OPT_LOCAL_REBIND)))
	50	+ return 1;
	51	+ }
	52	+#endif
	53	+ }
	54
	55	#ifdef HAVE_IPSET
	56	if (ipsets && (flags & (F_IPV4 \| F_IPV6)))
	57	--
	58	1.7.10.4