
Bug#441082: marked as done (linux-igd does not restrict itself to the internal interface)



Your message dated Mon, 17 Dec 2018 07:40:06 +0000
with message-id <E1gYnVW-0007KC-MR@fasolo.debian.org>
and subject line Bug#916643: Removed package(s) from unstable
has caused the Debian Bug report #441082,
regarding linux-igd does not restrict itself to the internal interface
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
441082: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=441082
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Package: linux-igd
Version: 0.cvs20060201-2
Severity: important
Tags: security, patch

linux-igd listens for UDP multicast packets but does not restrict
itself to just the internal interface (which has to be specified in
any case), thereby opening itself to possible external requests for
port forwarding.   In many cases this would be blocked by firewalling
rules on the same machine as the daemon, so would not be any issue
there.

This can be fixed with a simple bind() or SO_BINDTODEVICE as in the
attached patch.  Note that this patch is against the latest CVS, but
should be correct for the Debian versions.

Note that a more recent version of linux-igd has been packaged for Debian here:

http://mentors.debian.net/cgi-bin/sponsor-pkglist?action=details;package=linux-igd
Index: util.c
===================================================================
RCS file: /cvsroot/linux-igd/linux-igd/util.c,v
retrieving revision 1.3
diff -u -r1.3 util.c
--- util.c	1 Aug 2006 22:48:00 -0000	1.3
+++ util.c	6 Sep 2007 15:25:34 -0000
@@ -8,10 +8,11 @@
 #include <netinet/in.h>
 #include <sys/ioctl.h>
 #include <sys/socket.h>
+#include <unistd.h>
 #include "globals.h"
 
 
-static int get_sockfd(void)
+static int get_sockfd(const char *ifname)
 {
    static int sockfd = -1;
 
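Review bot: get_sockfd() now takes ifname, but the descriptor still lives in `static int sockfd`, and the device binding added below sits inside the socket-creation block, so the name is applied only when the socket is first created. A later call with a different ifname would get back a socket bound to the first interface. Either document that the function honours only the first name it is given, or remember the bound name and reject or rebind on a mismatch.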
@@ -22,18 +23,26 @@
          perror("user: socket creating failed");
          return (-1);
       }
+
+      if (setsockopt(sockfd, SOL_SOCKET, SO_BINDTODEVICE, ifname, sizeof(ifname)))
+      {
+         perror("could not bind to device");
+         close(sockfd);
+         return (-1);
+      }
+
    }
    return sockfd;
 }
 
-int GetIpAddressStr(char *address, char *ifname)
+int GetIpAddressStr(char *address, const char *ifname)
 {
    struct ifreq ifr;
    struct sockaddr_in *saddr;
    int fd;
    int succeeded = 0;
 
-   fd = get_sockfd();
+   fd = get_sockfd(ifname);
    if (fd >= 0 )
    {
       strncpy(ifr.ifr_name, ifname, IFNAMSIZ);
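Review bot: In the setsockopt() call, sizeof(ifname) is the size of a `const char *` (4 or 8 bytes), not the length of the interface name, so a longer name is cut short and the socket can be bound to a different device than intended or not at all. Pass strlen(ifname) + 1 after checking that the name is shorter than IFNAMSIZ. The error path also calls close(sockfd) but leaves the static sockfd holding the closed descriptor; set it back to -1 before returning so a later call does not hand out a stale fd. From these lines the socket is the one GetIpAddressStr() uses with its struct ifreq, so it is worth confirming that this is also the socket on which the multicast requests arrive.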
Index: util.h
===================================================================
RCS file: /cvsroot/linux-igd/linux-igd/util.h,v
retrieving revision 1.3
diff -u -r1.3 util.h
--- util.h	1 Aug 2006 22:48:00 -0000	1.3
+++ util.h	6 Sep 2007 15:25:34 -0000
@@ -1,8 +1,8 @@
 #ifndef _UTIL_H_
 #define _UTIL_H_
 
-int get_sockfd(void);
-int GetIpAddressStr(char *address, char *ifname);
+int get_sockfd(const char *ifname);
+int GetIpAddressStr(char *address, const char *ifname);
 void trace(int debuglevel, const char *format, ...);
 
 #endif //_UTIL_H_
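Review bot: The prototype `int get_sockfd(const char *ifname);` stays in the header with external linkage while util.c defines the function as `static int get_sockfd(...)`. If util.c includes this header the mismatch is a compile error, and if it does not, the header advertises a function no other file can link against. Drop the prototype from util.h, or remove `static` from the definition if other files are meant to call it.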

--- End Message ---
--- Begin Message ---
Version: 1.0+cvs20070630-6+rm

Dear submitter,

as the package linux-igd has just been removed from the Debian archive
unstable we hereby close the associated bug reports.  We are sorry
that we couldn't deal with your issue properly.

For details on the removal, please see https://bugs.debian.org/916643

The version of this package that was in Debian prior to this removal
can still be found using http://snapshot.debian.org/.

This message was generated automatically; if you believe that there is
a problem with it please contact the archive administrators by mailing
ftpmaster@ftp-master.debian.org.

Debian distribution maintenance software
pp.
Scott Kitterman (the ftpmaster behind the curtain)

--- End Message ---
