From: Antonio Quartulli Date: Tue, 25 Mar 2025 09:01:15 +0000 (+0100) Subject: socket: don't transfer bind family to socket in case of ANY address X-Git-Tag: v2.7_alpha1~7 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=c319dcf048c56098a6aba142e76166684ff5ab12;p=thirdparty%2Fopenvpn.git socket: don't transfer bind family to socket in case of ANY address With the introduction of multisocket, we need to transfer the AI family of the bound address to the socket, as it may differ from what was set globally. However, this operation makes sense only when getaddrinfo() for bind is performed on a non-empty hostname. An empty hostname (ANY) may return AF_INET which will break following connection attempts to v6 only remotes. Change-Id: I27f305d3ae9bf650bab409e99173688d9f88ab65 Signed-off-by: Antonio Quartulli Acked-by: Arne Schwabe Message-Id: <20250325090121.28813-1-gert@greenie.muc.de> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg31235.html Signed-off-by: Gert Doering --- diff --git a/src/openvpn/socket.c b/src/openvpn/socket.c index 34a049e88..93d793baa 100644 --- a/src/openvpn/socket.c +++ b/src/openvpn/socket.c @@ -1741,9 +1741,19 @@ resolve_bind_local(struct link_socket *sock, const sa_family_t af) gai_strerror(status)); } - /* the resolved 'local entry' might have a different family than what - * was globally configured */ - sock->info.af = sock->info.lsa->bind_local->ai_family; + /* the address family returned by openvpn_getaddrinfo() should be + * taken into consideration only if we really passed an hostname + * to resolve. Otherwise its value is not useful to us and may + * actually break our socket, i.e. when it returns AF_INET + * but our remote is v6 only. + */ + if (sock->local_host) + { + /* the resolved 'local entry' might have a different family than + * what was globally configured + */ + sock->info.af = sock->info.lsa->bind_local->ai_family; + } } gc_free(&gc);