From 492ae9ec4eb7fdfe090fba2e59175072bfabf2f5 Mon Sep 17 00:00:00 2001
From: =?utf8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Wed, 5 Nov 2025 18:39:09 +0100
Subject: [PATCH] ssh-generator: filter out bogus vsock addresses

When VirtIO VSOCK device is not present, IOCTL_VM_SOCKETS_GET_LOCAL_CID
returns VMADDR_CID_LOCAL/1, and we issue a hint to connect to vsock%1.
This does not work. Filter out VMADDR_CID_LOCAL and VMADDR_CID_HOST,
those are not real addresses that can be used from the outside.
---
 src/basic/socket-util.c | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/src/basic/socket-util.c b/src/basic/socket-util.c
index 1ec59ac63af..568072a492f 100644
--- a/src/basic/socket-util.c
+++ b/src/basic/socket-util.c
@@ -1932,6 +1932,13 @@ int vsock_get_local_cid(unsigned *ret) {
                 return log_debug_errno(errno, "Failed to query local AF_VSOCK CID: %m");
         log_debug("Local AF_VSOCK CID: %u", tmp);
 
+        /* If ret == NULL, we're just want to check if AF_VSOCK is available, so accept
+         * any address. Otherwise, filter out special addresses that are cannot be used
+         * to identify _this_ machine from the outside. */
+        if (ret && IN_SET(tmp, VMADDR_CID_LOCAL, VMADDR_CID_HOST))
+                return log_debug_errno(SYNTHETIC_ERRNO(EADDRNOTAVAIL),
+                                       "IOCTL_VM_SOCKETS_GET_LOCAL_CID returned special value (%u), ignoring.", tmp);
+
         if (ret)
                 *ret = tmp;
         return 0;
-- 
2.47.3