Check IPv4-mapped IPv6 addresses with --stop-rebind.

2025-12-19 10:18:25 +00:00 · 2015-05-08 20:25:51 +01:00
parent a77cec8d58
commit b059c96dc6
2 changed files with 20 additions and 4 deletions
--- a/3
+++ b/3
@@ -115,6 +115,9 @@ version 2.73
 	    header to 1280 bytes. If it then answers, make that
 	    change permanent.

+	    Check IPv4-mapped IPv6 addresses when --stop-rebind
+	    is active. Thanks to Jordan Milne for spotting this.
+
 	
 version 2.72
            Add ra-advrouter mode, for RFC-3775 mobile IPv6 support.
--- a/src/rfc1035.c
+++ b/src/rfc1035.c
@@ -1117,10 +1117,23 @@ int extract_addresses(struct dns_header *header, size_t qlen, char *name, time_t
 		      memcpy(&addr, p1, addrlen);
 		      
 		      /* check for returned address in private space */
-		      if (check_rebind &&
-			  (flags & F_IPV4) &&
-			  private_net(addr.addr.addr4, !option_bool(OPT_LOCAL_REBIND)))
-			return 1;
+		      if (check_rebind)
+			{
+			  if ((flags & F_IPV4) &&
+			      private_net(addr.addr.addr4, !option_bool(OPT_LOCAL_REBIND)))
+			    return 1;
+			  
+#ifdef HAVE_IPV6
+			  if ((flags & F_IPV6) &&
+			      IN6_IS_ADDR_V4MAPPED(&addr.addr.addr6))
+			    {
+			      struct in_addr v4;
+			      v4.s_addr = ((const uint32_t *) (&addr.addr.addr6))[3];
+			      if (private_net(v4, !option_bool(OPT_LOCAL_REBIND)))
+				return 1;
+			    }
+#endif
+			}
 		      
 #ifdef HAVE_IPSET
 		      if (ipsets && (flags & (F_IPV4 | F_IPV6)))