From 7ce361737fad30a78e47f2d12bd797efcc056b1c Mon Sep 17 00:00:00 2001 From: Josh Rickmar Date: Thu, 25 Mar 2021 14:37:48 +0000 Subject: [PATCH] net: only perform IPv4 map check for AF_INET6 sockets This change avoids executing syscalls testing if IPv4 address mapping is possible unless the socket being opened belongs to the AF_INET6 family. In a pledged OpenBSD process, this test is only allowed when the "inet" pledge is granted; however this check was also being performed for AF_UNIX sockets (separately permitted under the "unix" pledge), and would cause the process to be killed by the kernel. By avoiding the IPv4 address mapping check until the socket is checked to be AF_INET6, a pledged OpenBSD process using AF_UNIX sockets without the "inet" pledge won't be killed for this misbehavior. The OpenBSD kernel is not currently ready to support using UNIX domain sockets with only the "unix" pledge (and without "inet"), but this is one change necessary to support this. Change-Id: If6962a7ad999b71bcfc9fd8e10d9c4067fa3f338 GitHub-Last-Rev: 3c5541b334fad54606a3d14dfe1b63b28b33a0d1 GitHub-Pull-Request: golang/go#45155 Reviewed-on: https://go-review.googlesource.com/c/go/+/303276 Run-TryBot: Tobias Klauser TryBot-Result: Go Bot Reviewed-by: Tobias Klauser Reviewed-by: Aaron Bieber Trust: Ian Lance Taylor --- src/net/sockopt_bsd.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/net/sockopt_bsd.go b/src/net/sockopt_bsd.go index 216e5d52f1..ee1f98b834 100644 --- a/src/net/sockopt_bsd.go +++ b/src/net/sockopt_bsd.go @@ -26,7 +26,7 @@ func setDefaultSockopts(s, family, sotype int, ipv6only bool) error { syscall.SetsockoptInt(s, syscall.IPPROTO_IPV6, syscall.IPV6_PORTRANGE, syscall.IPV6_PORTRANGE_HIGH) } } - if supportsIPv4map() && family == syscall.AF_INET6 && sotype != syscall.SOCK_RAW { + if family == syscall.AF_INET6 && sotype != syscall.SOCK_RAW && supportsIPv4map() { // Allow both IP versions even if the OS default // is otherwise. Note that some operating systems // never admit this option. -- 2.50.0