netbsd-bugs: lib/16810: libwrap IPv6 support does not handle scoped address correctly

Subject: lib/16810: libwrap IPv6 support does not handle scoped address correctly
To: None <gnats-bugs@gnats.netbsd.org>
From: None <itojun@itojun.org>
List: netbsd-bugs
Date: 05/14/2002 23:26:16

>Number:         16810
>Category:       lib
>Synopsis:       libwrap IPv6 support does not handle scoped address correctly
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    lib-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Tue May 14 07:27:00 PDT 2002
>Closed-Date:
>Last-Modified:
>Originator:     Jun-ichiro itojun Hagino
>Release:        NetBSD 1.5.x and current
>Organization:
	itojun.org
>Environment:
System: NetBSD coconut.itojun.org 1.5.3_ALPHA NetBSD 1.5.3_ALPHA (COCONUT) #11: Thu Jan 17 18:59:51 JST 2002 itojun@coconut.itojun.org:/export/home/itojun/NetBSD15/src/sys/arch/i386/compile/COCONUT i386

>Description:
	libwrap IPv6 support is using IPv4 mapped address (::ffff:10.1.1.1)
	internally when comparing address/mask in /etc/hosts.{allow,deny}.
	it does not handle scoped IPv6 address at all.

	while it makes it easier for libwrap to deal with IPv4 mapped
	address case (IPv4 connection towards AF_INET6 socket),
	it makes it impossible to write hosts.{allow,deny} rule that
	takes scoped IPv6 address into account - for example, it is not possible
	to have a rule that allows fe80::%fxp0/64 while denies fe80::%fxp1/64.
>How-To-Repeat:
	code inspection.
>Fix:
	avoid IPv4 mapped address, it was a very bad idea afterall.
>Release-Note:
>Audit-Trail:
>Unformatted: