The branch main has been updated by des: URL: https://cgit.FreeBSD.org/src/commit/?id=e5ff8e7977434b150a66bb3e472c6d0e0f644cfa
commit e5ff8e7977434b150a66bb3e472c6d0e0f644cfa Author: Dag-Erling Smørgrav <[email protected]> AuthorDate: 2025-11-04 11:31:48 +0000 Commit: Dag-Erling Smørgrav <[email protected]> CommitDate: 2025-11-04 11:31:48 +0000 openssh: Don't try to bind to unsupported addresses When selecting an address to bind to, skip IPv4 addresses if the kernel does not support the inet feature, and IPv6 addresses if the kernel does not support the inet6 feature. PR: 195231 MFC after: 1 week Reviewed by: emaste Differential Revision: https://reviews.freebsd.org/D53561 --- crypto/openssh/sshconnect.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/crypto/openssh/sshconnect.c b/crypto/openssh/sshconnect.c index c86182d13673..cb45d719f961 100644 --- a/crypto/openssh/sshconnect.c +++ b/crypto/openssh/sshconnect.c @@ -303,6 +303,8 @@ check_ifaddrs(const char *ifname, int af, const struct ifaddrs *ifaddrs, * Prefer addresses that are not loopback or linklocal, but use them * if nothing else matches. */ + int inet_supported = feature_present("inet"); + int inet6_supported = feature_present("inet6"); for (allow_local = 0; allow_local < 2; allow_local++) { for (ifa = ifaddrs; ifa != NULL; ifa = ifa->ifa_next) { if (ifa->ifa_addr == NULL || ifa->ifa_name == NULL || @@ -312,6 +314,8 @@ check_ifaddrs(const char *ifname, int af, const struct ifaddrs *ifaddrs, continue; switch (ifa->ifa_addr->sa_family) { case AF_INET: + if (!inet_supported) + continue; sa = (struct sockaddr_in *)ifa->ifa_addr; if (!allow_local && sa->sin_addr.s_addr == htonl(INADDR_LOOPBACK)) @@ -324,6 +328,8 @@ check_ifaddrs(const char *ifname, int af, const struct ifaddrs *ifaddrs, memcpy(resultp, sa, *rlenp); return 0; case AF_INET6: + if (!inet6_supported) + continue; sa6 = (struct sockaddr_in6 *)ifa->ifa_addr; v6addr = &sa6->sin6_addr; if (!allow_local &&
