The original InetSocketAddress struct may have has_ipv4 and
has_ipv6 fields set, which will control both the ai_family
used during DNS resolution, and later use of the V6ONLY
flag.

Currently the standalone DNS resolver code drops the
has_ipv4 & has_ipv6 flags after resolving, which means
the later bind() code won't correctly set V6ONLY.

This fixes the following scenarios

  -vnc :0,ipv4=off
  -vnc :0,ipv6=on
  -vnc :::0,ipv4=off
  -vnc :::0,ipv6=on

which all mistakenly accepted IPv4 clients

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
---
 io/dns-resolver.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/io/dns-resolver.c b/io/dns-resolver.c
index 57a8896..c072d12 100644
--- a/io/dns-resolver.c
+++ b/io/dns-resolver.c
@@ -116,8 +116,10 @@ static int qio_dns_resolver_lookup_sync_inet(QIODNSResolver *resolver,
             .numeric = true,
             .has_to = iaddr->has_to,
             .to = iaddr->to,
-            .has_ipv4 = false,
-            .has_ipv6 = false,
+            .has_ipv4 = iaddr->has_ipv4,
+            .ipv4 = iaddr->ipv4,
+            .has_ipv6 = iaddr->has_ipv6,
+            .ipv6 = iaddr->ipv6,
         };
 
         (*addrs)[i] = newaddr;
-- 
2.9.3

On 05/19/2017 03:03 PM, Daniel P. Berrange wrote:
> The original InetSocketAddress struct may have has_ipv4 and
> has_ipv6 fields set, which will control both the ai_family
> used during DNS resolution, and later use of the V6ONLY
> flag.
>
> Currently the standalone DNS resolver code drops the
> has_ipv4 & has_ipv6 flags after resolving, which means
> the later bind() code won't correctly set V6ONLY.
>
> This fixes the following scenarios
>
>   -vnc :0,ipv4=off
>   -vnc :0,ipv6=on
>   -vnc :::0,ipv4=off
>   -vnc :::0,ipv6=on
>
> which all mistakenly accepted IPv4 clients
>
> Signed-off-by: Daniel P. Berrange <berrange@redhat.com>

Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>

> ---
>  io/dns-resolver.c | 6 ++++--
>  1 file changed, 4 insertions(+), 2 deletions(-)
>
> diff --git a/io/dns-resolver.c b/io/dns-resolver.c
> index 57a8896..c072d12 100644
> --- a/io/dns-resolver.c
> +++ b/io/dns-resolver.c
> @@ -116,8 +116,10 @@ static int qio_dns_resolver_lookup_sync_inet(QIODNSResolver *resolver,
>              .numeric = true,
>              .has_to = iaddr->has_to,
>              .to = iaddr->to,
> -            .has_ipv4 = false,
> -            .has_ipv6 = false,
> +            .has_ipv4 = iaddr->has_ipv4,
> +            .ipv4 = iaddr->ipv4,
> +            .has_ipv6 = iaddr->has_ipv6,
> +            .ipv6 = iaddr->ipv6,
>          };
>
>          (*addrs)[i] = newaddr;
>

On 05/19/2017 01:03 PM, Daniel P. Berrange wrote:
> The original InetSocketAddress struct may have has_ipv4 and
> has_ipv6 fields set, which will control both the ai_family
> used during DNS resolution, and later use of the V6ONLY
> flag.
> 
> Currently the standalone DNS resolver code drops the
> has_ipv4 & has_ipv6 flags after resolving, which means
> the later bind() code won't correctly set V6ONLY.
> 
> This fixes the following scenarios
> 
>   -vnc :0,ipv4=off
>   -vnc :0,ipv6=on
>   -vnc :::0,ipv4=off
>   -vnc :::0,ipv6=on
> 
> which all mistakenly accepted IPv4 clients
> 
> Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
> ---
>  io/dns-resolver.c | 6 ++++--
>  1 file changed, 4 insertions(+), 2 deletions(-)
> 

Reviewed-by: Eric Blake <eblake@redhat.com>

-- 
Eric Blake, Principal Software Engineer
Red Hat, Inc.           +1-919-301-3266
Virtualization:  qemu.org | libvirt.org