[stunnel-users] A couple of patches against 4.06

Peter Pentchev roam at ringlet.net
Thu Dec 30 15:10:15 CET 2004 

On Thu, Dec 30, 2004 at 02:03:38PM +0100, Michal Trojnara wrote:
> Peter Pentchev wrote:
> 
> >That's funny.  Which IPv6 implementation is that - USAGI?
> 
> getnameinfo is defined in glibc library:
> "The getaddrinfo and getnameinfo functions and supporting code were written 
> by Craig Metz; see the file LICENSES for details on their licensing."

Ahh.  Now all we need is a reason why there is no manpage mentioning
getnameinfo() and getaddrinfo() in Debian testing :)  That's why I
thought it was part of some add-on kit, not plain vanilla glibc.

> >What do you think about the following version of the patch, which
> >adds a configure check for the KAME version of getnameinfo()?
> 
> I don't think getnameinfo() error is very probable with 
> NI_NUMERICHOST|NI_NUMERICSERV.  8-)

Actually, it is - for some reason I get an EAI_MEMORY error with the
FreeBSD getnameinfo() implementation, when I define a service like this:

[ppp-stray]
accept = f00f:4004:f00f:4004::f00f:1813
connect = 192.168.0.17:1813

I will look into this soon, but in the meantime, at least the FreeBSD
port of stunnel will retain the s_gai_strerror() handling of
getnameinfo() errors.

[about five minutes later]

*Oof*.  Come to think of it, the reason is kinda obvious: s_ntop() only
passes a 20-character host[] buffer to getnameinfo(), and a numeric IPv6
address may certainly grow a bit larger than that :)  Shouldn't IPLEN in
common.h be bumped up to at least 50?  Maybe even a bit more - IPv6
addresses may be local to an interface - 'fe80::111:222%tun0' - so the
total length should be 39 for the numeric address + 1 for the '%' +
length of the interface name (which seems to be 15 for most BSD's and
Linuxen) + 1 for the separator + 5 for the port name + 1 for the
terminating null character = about 62.  How about it?

> I guess we don't really need to report an error text other than 
> "getnameinfo failed".

Maybe, if we agree on increasing IPLEN :)

I'm attaching two patches:

  stunnel-simple-iplen.patch - bumps IPLEN to 62 and makes s_ntop()
    use the correct size limit for host[] and the getnameinfo() invocation;

  stunnel-kame-iplen.patch - same, but with the added autoconf detection
    of KAME getnameinfo() and use of s_gai_strerror() if necessary (and it
    might be necessary, at least on most BSD's, which have the KAME stack)

Of course, the EAI_NODATA chunk of the original patch is still necessary.

And now, hopefully I won't bother you anymore until the holidays are over :)

G'luck,
Peter

-- 
Peter Pentchev	roam at ringlet.net    roam at cnsys.bg    roam at FreeBSD.org
PGP key:	http://people.FreeBSD.org/~roam/roam.key.asc
Key fingerprint	FDBA FD79 C26F 3C51 C95E  DF9E ED18 B68D 1619 4553
This sentence contradicts itself - or rather - well, no, actually it doesn't!
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
URL: <http://www.stunnel.org/pipermail/stunnel-users/attachments/20041230/17259ae5/attachment.sig>

More information about the stunnel-users mailing list