| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 18 Mar 2009 22:26:30 -0400 From: Vlad Yasevich <vladislav.yasevich@...com> To: David Miller <davem@...emloft.net> CC: chuck.lever@...cle.com, netdev@...r.kernel.org Subject: Re: IPv6 address printf format specifier David Miller wrote: > From: Vlad Yasevich <vladislav.yasevich@...com> > Date: Mon, 16 Mar 2009 13:13:00 -0400 > >> Chuck Lever wrote: >>> The NFS and RPC code in the kernel now uses the new printf format >>> specifier for IPv6 addresses. In some cases, the generated address >>> string is sent out of the kernel (for example, it is used to build a >>> universal address for RPCB_SET requests, and used as the mon_name in >>> some SM_MON upcalls to our rpc.statd). >>> >>> The problem is that outside the kernel, applications generally use >>> getnameinfo(3) or inet_ntop(3) to do this conversion. The library >>> follows the RFC suggestion of shortening these address strings by >>> replacing the longest series of zeroes in the IPv6 address with "::". >>> >>> Since the kernel doesn't do that, string comparisons don't work when >>> comparing address strings that came from our kernel. Since these >>> address strings appear to other hosts (via the rpcbind registry) this >>> is, or could become, an interoperability issue for Linux. >>> >>> How should I fix this? >>> >>> 1. Copy glibc's code to the printf logic for %pI6 >> I think this is the optimum solution. This normalizes kernel output >> with that of user-space thus creating a uniform format. >> >> My $0.02 > > Then you'll break cases where this string is output via > some /proc/ file or whatever and it expects the existing > behavior. > > I don't think we can do this. > Ugh... you are right. Changing the formating across the board is a non-starter, as much as I would still like to see it. Upon rereading Chunk's text and re-reading RFC 2732 and RFC 4291, I've come to the conclusion that any application that attempts to compare textual representations of IPv6 addresses is misguided at best. There are multiple different forms of presenting addresses, all of which are valid and non of which will provide for sting equality. Regardless of how we represent our IPv6 addresses, there is a chance that it will cause interoperability issues and the only way to truly solve it is to change applications to compare addresses in their true numerical representation. -vlad -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists