Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [day] [month] [year] [list]
Date: Fri, 30 Apr 2021 15:26:13 -0230
From: Julian Squires <>
Cc: Julian Squires <>,
	Bob Richmond <>
Subject: [PATCH] handle linux-specific errors in getaddrinfo AI_ADDRCONFIG

linux allows adding ip rules with actions such as RTN_PROHIBIT or
RTN_BLACKHOLE to the loopback interface, e.g.:

  ip -6 rule add from all iif lo lookup unspec prohibit

if the loopback interface also has ipv6 disabled:

  sysctl net/ipv6/conf/lo/disable_ipv6=1

the connect() in getaddrinfo will return EACCES or EINVAL,
respectively, and getaddrinfo will erroneously return early.

this may sound like a perverse misconfiguration, but it happens easily
on openwrt systems where ipv6 has been disabled, as openwrt's netifd
by default sets up these rules (with a custom RTN_POLICY_FAILED
action, which behaves like RTN_PROHIBIT in this case).

Signed-off-by: Julian Squires <>
Co-authored-by: Bob Richmond <>
 src/network/getaddrinfo.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/src/network/getaddrinfo.c b/src/network/getaddrinfo.c
index efaab306..9a9c3cbc 100644
--- a/src/network/getaddrinfo.c
+++ b/src/network/getaddrinfo.c
@@ -76,6 +76,8 @@ int getaddrinfo(const char *restrict host, const char *restrict serv, const stru
 			case ENETDOWN:
+			case EACCES:
+			case EINVAL:
 				return EAI_SYSTEM;

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.