From: Simon Kelley <simon@thekelleys.org.uk>
Date: Fri, 8 May 2015 19:25:51 +0000 (+0100)
Subject: Check IPv4-mapped IPv6 addresses with --stop-rebind.
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=b059c96dc69dfe3055c5b32b078a05c53b11ebb3;p=people%2Fms%2Fdnsmasq.git

Check IPv4-mapped IPv6 addresses with --stop-rebind.
---

diff --git a/CHANGELOG b/CHANGELOG
index d8fc57a..94a521f 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -115,6 +115,9 @@ version 2.73
 	    header to 1280 bytes. If it then answers, make that
 	    change permanent.
 
+	    Check IPv4-mapped IPv6 addresses when --stop-rebind
+	    is active. Thanks to Jordan Milne for spotting this.
+
 	
 version 2.72
             Add ra-advrouter mode, for RFC-3775 mobile IPv6 support.
diff --git a/src/rfc1035.c b/src/rfc1035.c
index 8b1709d..5e3f566 100644
--- a/src/rfc1035.c
+++ b/src/rfc1035.c
@@ -1117,10 +1117,23 @@ int extract_addresses(struct dns_header *header, size_t qlen, char *name, time_t
 		      memcpy(&addr, p1, addrlen);
 		      
 		      /* check for returned address in private space */
-		      if (check_rebind &&
-			  (flags & F_IPV4) &&
-			  private_net(addr.addr.addr4, !option_bool(OPT_LOCAL_REBIND)))
-			return 1;
+		      if (check_rebind)
+			{
+			  if ((flags & F_IPV4) &&
+			      private_net(addr.addr.addr4, !option_bool(OPT_LOCAL_REBIND)))
+			    return 1;
+			  
+#ifdef HAVE_IPV6
+			  if ((flags & F_IPV6) &&
+			      IN6_IS_ADDR_V4MAPPED(&addr.addr.addr6))
+			    {
+			      struct in_addr v4;
+			      v4.s_addr = ((const uint32_t *) (&addr.addr.addr6))[3];
+			      if (private_net(v4, !option_bool(OPT_LOCAL_REBIND)))
+				return 1;
+			    }
+#endif
+			}
 		      
 #ifdef HAVE_IPSET
 		      if (ipsets && (flags & (F_IPV4 | F_IPV6)))