From: Daiki Ueno <dueno@redhat.com>
Date: Wed, 14 Jul 2021 09:15:34 +0000 (+0200)
Subject: apps: Use the first detected address family if IPv6 is not available
X-Git-Tag: OpenSSL_1_1_1l~46
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=657f3d030fce41600d3b9f8daf4cb98c8dc4ec3e;p=thirdparty%2Fopenssl.git

apps: Use the first detected address family if IPv6 is not available

This is a follow up of 15729bef385211bc2a0497e2d53a45c45d677d2c.  Even
when the host does not support IPv6 at all, BIO_lookup_ex may now
return IN6ADDR_ANY in addition to INADDR_ANY, as the second element of
the ai_next field.

After eee8a40aa5e06841eed6fa8eb4f6109238d59aea, the do_server function
prefers the IPv6 address and fails on the BIO_socket call.  This adds
a fallback code to retry with the IPv4 address returned as the first
element to avoid the error.

The failure had been partially avoided in the previous code with
AI_ADDRCONFIG, because getaddrinfo returns only IPv4 address if no
IPv6 address is associated with external interface.  However, it would
be still a problem if the external interface has an IPv6 address
assigned, while the loopback interface doesn't.

Signed-off-by: Daiki Ueno <dueno@redhat.com>

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16078)
---

diff --git a/apps/s_socket.c b/apps/s_socket.c
index 76f92890020..f16de241455 100644
--- a/apps/s_socket.c
+++ b/apps/s_socket.c
@@ -214,6 +214,8 @@ int do_server(int *accept_sock, const char *host, const char *port,
     const BIO_ADDRINFO *next;
     int sock_family, sock_type, sock_protocol, sock_port;
     const BIO_ADDR *sock_address;
+    int sock_family_fallback = AF_UNSPEC;
+    const BIO_ADDR *sock_address_fallback = NULL;
     int sock_options = BIO_SOCK_REUSEADDR;
     int ret = 0;
 
@@ -244,6 +246,10 @@ int do_server(int *accept_sock, const char *host, const char *port,
             && BIO_ADDRINFO_protocol(next) == sock_protocol) {
         if (sock_family == AF_INET
                 && BIO_ADDRINFO_family(next) == AF_INET6) {
+            /* In case AF_INET6 is returned but not supported by the
+             * kernel, retry with the first detected address family */
+            sock_family_fallback = sock_family;
+            sock_address_fallback = sock_address;
             sock_family = AF_INET6;
             sock_address = BIO_ADDRINFO_address(next);
         } else if (sock_family == AF_INET6
@@ -253,6 +259,10 @@ int do_server(int *accept_sock, const char *host, const char *port,
     }
 
     asock = BIO_socket(sock_family, sock_type, sock_protocol, 0);
+    if (asock == INVALID_SOCKET && sock_family_fallback != AF_UNSPEC) {
+        asock = BIO_socket(sock_family_fallback, sock_type, sock_protocol, 0);
+        sock_address = sock_address_fallback;
+    }
     if (asock == INVALID_SOCKET
         || !BIO_listen(asock, sock_address, sock_options)) {
         BIO_ADDRINFO_free(res);