From: Zbigniew Jędrzejewski-Szmek Date: Wed, 5 Nov 2025 17:39:09 +0000 (+0100) Subject: ssh-generator: filter out bogus vsock addresses X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=492ae9ec4eb7fdfe090fba2e59175072bfabf2f5;p=thirdparty%2Fsystemd.git ssh-generator: filter out bogus vsock addresses When VirtIO VSOCK device is not present, IOCTL_VM_SOCKETS_GET_LOCAL_CID returns VMADDR_CID_LOCAL/1, and we issue a hint to connect to vsock%1. This does not work. Filter out VMADDR_CID_LOCAL and VMADDR_CID_HOST, those are not real addresses that can be used from the outside. --- diff --git a/src/basic/socket-util.c b/src/basic/socket-util.c index 1ec59ac63af..568072a492f 100644 --- a/src/basic/socket-util.c +++ b/src/basic/socket-util.c @@ -1932,6 +1932,13 @@ int vsock_get_local_cid(unsigned *ret) { return log_debug_errno(errno, "Failed to query local AF_VSOCK CID: %m"); log_debug("Local AF_VSOCK CID: %u", tmp); + /* If ret == NULL, we're just want to check if AF_VSOCK is available, so accept + * any address. Otherwise, filter out special addresses that are cannot be used + * to identify _this_ machine from the outside. */ + if (ret && IN_SET(tmp, VMADDR_CID_LOCAL, VMADDR_CID_HOST)) + return log_debug_errno(SYNTHETIC_ERRNO(EADDRNOTAVAIL), + "IOCTL_VM_SOCKETS_GET_LOCAL_CID returned special value (%u), ignoring.", tmp); + if (ret) *ret = tmp; return 0;