From owner-freebsd-bugs@FreeBSD.ORG  Fri May  2 22:00:00 2014
Return-Path: <owner-freebsd-bugs@FreeBSD.ORG>
Delivered-To: freebsd-bugs@smarthost.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115])
 (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTPS id F07088BE
 for <freebsd-bugs@smarthost.ysv.freebsd.org>;
 Fri,  2 May 2014 22:00:00 +0000 (UTC)
Received: from freefall.freebsd.org (freefall.freebsd.org
 [IPv6:2001:1900:2254:206c::16:87])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id CD69910EC
 for <freebsd-bugs@smarthost.ysv.freebsd.org>;
 Fri,  2 May 2014 22:00:00 +0000 (UTC)
Received: from freefall.freebsd.org (localhost [127.0.0.1])
 by freefall.freebsd.org (8.14.8/8.14.8) with ESMTP id s42M00IU082014
 for <freebsd-bugs@freefall.freebsd.org>; Fri, 2 May 2014 22:00:00 GMT
 (envelope-from gnats@freefall.freebsd.org)
Received: (from gnats@localhost)
 by freefall.freebsd.org (8.14.8/8.14.8/Submit) id s42M00oe082001;
 Fri, 2 May 2014 22:00:00 GMT (envelope-from gnats)
Resent-Date: Fri, 2 May 2014 22:00:00 GMT
Resent-Message-Id: <201405022200.s42M00oe082001@freefall.freebsd.org>
Resent-From: FreeBSD-gnats-submit@FreeBSD.org (GNATS Filer)
Resent-To: freebsd-bugs@FreeBSD.org
Resent-Reply-To: FreeBSD-gnats-submit@FreeBSD.org,
 Dreamcat4 <dreamcat4@gmail.com>
Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115])
 (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTPS id EB0743A9
 for <freebsd-gnats-submit@FreeBSD.org>; Fri,  2 May 2014 21:54:20 +0000 (UTC)
Received: from cgiserv.freebsd.org (cgiserv.freebsd.org
 [IPv6:2001:1900:2254:206a::50:4])
 (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id D7E9710BD
 for <freebsd-gnats-submit@FreeBSD.org>; Fri,  2 May 2014 21:54:20 +0000 (UTC)
Received: from cgiserv.freebsd.org ([127.0.1.6])
 by cgiserv.freebsd.org (8.14.8/8.14.8) with ESMTP id s42LsKCZ075398
 for <freebsd-gnats-submit@FreeBSD.org>; Fri, 2 May 2014 21:54:20 GMT
 (envelope-from nobody@cgiserv.freebsd.org)
Received: (from nobody@localhost)
 by cgiserv.freebsd.org (8.14.8/8.14.8/Submit) id s42LsKAV075397;
 Fri, 2 May 2014 21:54:20 GMT (envelope-from nobody)
Message-Id: <201405022154.s42LsKAV075397@cgiserv.freebsd.org>
Date: Fri, 2 May 2014 21:54:20 GMT
From: Dreamcat4 <dreamcat4@gmail.com>
To: freebsd-gnats-submit@FreeBSD.org
X-Send-Pr-Version: www-3.1
Subject: misc/189268: man 3 getaddrinfo - hostanme="localhost",
 but it returns IN_ADDR_ANY (0.0.0.0)
X-BeenThere: freebsd-bugs@freebsd.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Bug reports <freebsd-bugs.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-bugs/>
List-Post: <mailto:freebsd-bugs@freebsd.org>
List-Help: <mailto:freebsd-bugs-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 02 May 2014 22:00:01 -0000


>Number:         189268
>Category:       misc
>Synopsis:       man 3 getaddrinfo - hostanme="localhost", but it returns IN_ADDR_ANY (0.0.0.0)
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Fri May 02 22:00:00 UTC 2014
>Closed-Date:
>Last-Modified:
>Originator:     Dreamcat4
>Release:        9.2-RELEASE-p3
>Organization:
>Environment:
FreeBSD freenas.local 9.2-RELEASE-p3 FreeBSD 9.2-RELEASE-p3 #0 r262572+7b72365: Fri Mar 14 15:50:04 PDT 2014     root@build.ixsystems.com:/home/jkh/9.2.1-BRANCH/freenas/os-base/amd64/tank/home/jkh/9.2.1-BRANCH/freenas/FreeBSD/src/sys/FREENAS.amd64  amd64

>Description:
* Inside a jail, no lo0 loopback interface.
* Calling this function returns the ip "0.0.0.0" (also known as "IN_ADDR_ANY").
* But we asked for the hostname "localhost" - which in our /etc/hosts file is set to "127.0.0.1".

The proof:
Example 'C' test program "test.c" is attached.
getaddrinfo ~/ root~# gcc test.c -o test && ./test
0.0.0.0

This affects the gSOAP library, it's function soap_bind(), which is called by VirtualBox's SOAP webservice ("vboxwebsrv").

These applications seem to do everything correctly. But the result is a bug. Please see test script "test.c" included.

The real-life bug occurs in this code where:

vboxweb.cpp:858:
    SOAP_SOCKET m, s; // master and slave sockets
    m = soap_bind(&soap,
                  g_pcszBindToHost ? g_pcszBindToHost : "localhost",    // safe default host
                  g_uBindToPort,    // port
                  g_uBacklog);      // backlog = max queue size for requests
    if (m < 0)
        WebLogSoapError(&soap);


and:

stdsoap2.cpp:4143:
  err = getaddrinfo(host, soap_int2s(soap, port), &hints, &addrinfo);

Is passing in "localhost", is told "0.0.0.0". Then later on in soap_bind(), the returned address "0.0.0.0" is passed into bind(). And bind() then binds to ALL interfaces (not just only the localhost interface, or should error out in the jail where lo0 has no IP address).

I looked hard in these applications but the bug isn't in there - it seems to be in the result returned be "getaddrinfo()" C library call.

I confirmed this was the case with "test.c" example program (below). Which was run in the same jail.

The test jail was created like this:

$ qjail create -4 192.168.1.203 getaddrinfo
$ qjail config -k getaddrinfo
$ qjail start getaddrinfo

>How-To-Repeat:
getaddrinfo ~/ root~# ifconfig
re0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
	options=8209b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,WOL_MAGIC,LINKSTATE>
	ether 00:1e:ec:d7:3a:1f
	inet 192.168.1.203 netmask 0xffffffff broadcast 192.168.1.203
	media: Ethernet autoselect (1000baseT <full-duplex>)
	status: active
ipfw0: flags=8801<UP,SIMPLEX,MULTICAST> metric 0 mtu 65536
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
	options=600003<RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6>
getaddrinfo ~/ root~# ping -c 1 "localhost"
PING localhost (127.0.0.1): 56 data bytes
64 bytes from 127.0.0.1: icmp_seq=0 ttl=64 time=0.168 ms

--- localhost ping statistics ---
1 packets transmitted, 1 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 0.168/0.168/0.168/0.000 ms
getaddrinfo ~/ root~# cat /etc/hosts | grep localhost
::1			localhost localhost.my.domain
127.0.0.1		localhost localhost.my.domain
getaddrinfo ~/ root~# cat test.c
#include <string.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netdb.h>
#include <netinet/in.h>
#include <arpa/inet.h>


/* man getaddrinfo */

int main()
{
  struct addrinfo *addrinfo = NULL;
  struct addrinfo hints;
  struct addrinfo res;
  int err;

  memset((void*)&hints, 0, sizeof(hints));
  hints.ai_family   = PF_UNSPEC;
  hints.ai_socktype = SOCK_STREAM;
  hints.ai_flags    = AI_PASSIVE;

  err = getaddrinfo("localhost", "18083", &hints, &addrinfo);

  if (addrinfo)
  { 
    res = *addrinfo;
    printf("%s\n", inet_ntoa( ((struct sockaddr_in*)addrinfo->ai_addr)->sin_addr ));

    freeaddrinfo(addrinfo);
    return(0);
  }

  if (err || !addrinfo)
  {
    printf("getaddrinfo failed with code %i.\n",err);
    return(1);
  }

  printf("end_main()\n");
  return (0);

}

getaddrinfo ~/ root~# gcc test.c -o test && ./test
0.0.0.0
getaddrinfo ~/ root~# exit
logout

>Fix:
I suspect this function (getaddrinfo) shouldn't be returning IN_ADDR_ANY. It should either fail, or return "127.0.0.1" as per "/etc/hosts".


>Release-Note:
>Audit-Trail:
>Unformatted: