Content-Type: text/plain Content-Disposition: inline Content-Transfer-Encoding: binary MIME-Version: 1.0 X-Mailer: MIME-tools 5.411 (Entity 5.404) Subject: kerberos client unable to parse ipv6 addresses from krb5.conf X-RT-Original-Encoding: iso-8859-1 Content-Length: 6508 While testing the kerberos release with a ipv6 configuration, we found that kerberos client is not able to parse v6 addresses from the krb5.conf configuration file. Proposed fix: /lib/krb5/os/locate_kdc.c has been modified and the fix was tested to correctly parse the ipv6 addresses. The unified diffs is enclosed below ************************************************************************** *************** *** 382,393 **** cp = strchr(host, '\t'); if (cp) *cp = 0; ! cp = strchr(host, ':'); ! if (cp) ! *cp = 0; } } } else { krb5_xfree(host); } --- 382,423 ---- cp = strchr(host, '\t'); if (cp) *cp = 0; ! if ( host[0] == '[' ) { ! if (cp = strchr(host,']')) { /* [ipv6]:port */ ! char * tmp_host ; ! int host_len ; ! struct in6_addr in6 ; ! ! host_len = cp - host - 1 ; /* here (cp > host) */ ! tmp_host = (char*) malloc(host_len+1) ; ! if (tmp_host) { ! strncpy(tmp_host, host+1 , host_len ); ! tmp_host[host_len] = '\0' ; ! } else { ! profile_free_list(hostlist); ! krb5_xfree(masterlist); ! return ENOMEM ; } + /* Only if the addr b/w '[' and ']' is IPV6 addr */ + if ( inet_pton(AF_INET6, tmp_host, &in6 ) > 0 ) + { + host++;/* Move to v6 addr location from '['*/ + port = strchr(cp, ':'); + *cp = 0 ; /* The ipv6 address ends before ']' */ } + + krb5_xfree(tmp_host); + } /* hostname:port or only hostname */ } else { + struct in6_addr in6 ; + if ( inet_pton(AF_INET6, host, &in6) <= 0 ) { + /* Its not ipv6 address */ + port = strchr(host, ':'); + } + } + } + } + } else { krb5_xfree(host); } *************** *** 416,422 **** --- 446,484 ---- cp = strchr(host, '\t'); if (cp) *cp = 0; + if ( host[0] == '[' ) { + if (cp = strchr(host,']')) { /* [ipv6]:port */ + char * tmp_host ; + int host_len ; + struct in6_addr in6 ; + + host_len = cp - host - 1 ; /* here (cp > host) */ + tmp_host = (char*) malloc(host_len+1) ; + if (tmp_host) { + strncpy(tmp_host, host+1 , host_len ); + tmp_host[host_len] = '\0' ; + } else { + profile_free_list(hostlist); + krb5_xfree(masterlist); + return ENOMEM ; + } + /* Only if the addr b/w '[' and ']' is IPV6 addr */ + if ( inet_pton(AF_INET6, tmp_host, &in6 ) > 0 ) + { + host++;/* Move to v6 addr location from '['*/ + port = strchr(cp, ':'); + *cp = 0 ; /* The ipv6 address ends before ']' */ + } + + krb5_xfree(tmp_host); + } /* hostname:port or only hostname */ + } else { + struct in6_addr in6 ; + if ( inet_pton(AF_INET6, host, &in6) <= 0 ) { + /* Its not ipv6 address */ port = strchr(host, ':'); + } + } if (port) { *port = 0; port++; *************** *** 453,467 **** p1 = udpport; p2 = sec_udpport; } - if (socktype != 0) ! code = add_host_to_list (addrlist, hostlist[i], p1, p2, socktype, family); else { ! code = add_host_to_list (addrlist, hostlist[i], p1, p2, SOCK_DGRAM, family); if (code == 0) ! code = add_host_to_list (addrlist, hostlist[i], p1, p2, SOCK_STREAM, family); } if (code) { --- 515,528 ---- p1 = udpport; p2 = sec_udpport; } if (socktype != 0) ! code = add_host_to_list (addrlist, host, p1, p2, socktype, family); else { ! code = add_host_to_list (addrlist, host, p1, p2, SOCK_DGRAM, family); if (code == 0) ! code = add_host_to_list (addrlist, host, p1, p2, SOCK_STREAM, family); } if (code) { *************** *** 481,486 **** --- 542,548 ---- if (masterlist) profile_free_list(masterlist); + return 0; } *************** if (code) { --- 515,528 ---- p1 = udpport; p2 = sec_udpport; } if (socktype != 0) ! code = add_host_to_list (addrlist, host, p1, p2, socktype, family); else { ! code = add_host_to_list (addrlist, host, p1, p2, SOCK_DGRAM, family); if (code == 0) ! code = add_host_to_list (addrlist, host, p1, p2, SOCK_STREAM, family); } if (code) { *************** *** 481,486 **** --- 542,548 ---- if (masterlist) profile_free_list(masterlist); + return 0; } *************** *** 587,593 **** code = krb5_locate_srv_conf_1(context, realm, profname, &al, get_masters, socktype, dflport1, dflport2, family); - #ifdef KRB5_DNS_LOOKUP if (code && dnsname != 0) { int use_dns = _krb5_use_dns_kdc(context); --- 649,654 ----