Mailing List Archive

openssh 5.0p1: Solaris - Failed to allocate internet-domain X11 display socket.
On Solaris 10 (SPARC & x86), I'm seeing the following error:

error: Failed to allocate internet-domain X11 display socket.


I tracked this down to this code change between openssh 4.7p1 and
5.0p1:

*** openssh-4.7p1/channels.c Mon Jun 25 03:04:47 2007
--- openssh-5.0p1/channels.c Wed Apr 2 15:43:57 2008
***************
*** 1,4 ****
! /* $OpenBSD: channels.c,v 1.270 2007/06/25 08:20:03 dtucker Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
--- 1,4 ----
! /* $OpenBSD: channels.c,v 1.273 2008/04/02 21:36:51 markus Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
***************
*** 2905,2913 ****
debug2("bind port %d: %.100s", port, strerror(errno));
close(sock);

- if (ai->ai_next)
- continue;
-
for (n = 0; n < num_socks; n++) {
close(socks[n]);
}
--- 2906,2911 ----


When those two lines are added back in, X11 forwarding is able to get
a port bound.

This is only the case on Solaris. On Linux, *BSD, IRIX systems the
current code works.

Thanks for looking into this.

Pieter
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
RE: openssh 5.0p1: Solaris - Failed to allocate internet-domain X11display socket. [ In reply to ]
> -----Original Message-----
> From: openssh-unix-dev-bounces+scott_n=xypro.com@mindrot.org
> [mailto:openssh-unix-dev-bounces+scott_n=xypro.com@mindrot.org] On
> Behalf Of Pieter Bowman
> Sent: Wednesday, July 16, 2008 11:17 AM
> To: openssh-unix-dev@mindrot.org
> Cc: bowman@math.utah.edu
> Subject: openssh 5.0p1: Solaris - Failed to allocate internet-domain
> X11display socket.
>
> On Solaris 10 (SPARC & x86), I'm seeing the following error:
>
> error: Failed to allocate internet-domain X11 display socket.
>
>
> I tracked this down to this code change between openssh 4.7p1 and
> 5.0p1:
>
> *** openssh-4.7p1/channels.c Mon Jun 25 03:04:47 2007
> --- openssh-5.0p1/channels.c Wed Apr 2 15:43:57 2008
> ***************
> *** 1,4 ****
> ! /* $OpenBSD: channels.c,v 1.270 2007/06/25 08:20:03 dtucker Exp $ */
> /*
> * Author: Tatu Ylonen <ylo@cs.hut.fi>
> * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
> --- 1,4 ----
> ! /* $OpenBSD: channels.c,v 1.273 2008/04/02 21:36:51 markus Exp $ */
> /*
> * Author: Tatu Ylonen <ylo@cs.hut.fi>
> * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
> ***************
> *** 2905,2913 ****
> debug2("bind port %d: %.100s", port,
> strerror(errno));
> close(sock);
>
> - if (ai->ai_next)
> - continue;
> -
> for (n = 0; n < num_socks; n++) {
> close(socks[n]);
> }
> --- 2906,2911 ----
>
>
> When those two lines are added back in, X11 forwarding is able to get
> a port bound.
>
> This is only the case on Solaris. On Linux, *BSD, IRIX systems the
> current code works.
>

Weren't those two lines related to the fix between 4.9p1 and 5.0p1
ix-dev
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
Re: openssh 5.0p1: Solaris - Failed to allocate internet-domain X11 display socket. [ In reply to ]
Ermm...

Revision 1.273 / (download) - annotate - [select for diffs] , Wed Apr 2
21:36:51 2008 UTC (3 months, 1 week ago) by markus
Branch: MAIN
Changes since 1.272: +1 -4 lines
Diff to previous 1.272 (colored)

avoid possible hijacking of x11-forwarded connections (back out 1.183)
CVE-2008-1483; ok djm@

--

Revision 1.183 / (download) - annotate - [select for diffs] , Tue Sep 17
07:47:02 2002 UTC (5 years, 10 months ago) by itojun
Branch: MAIN
CVS Tags: OPENBSD_3_2_BASE
Branch point for: OPENBSD_3_2
Changes since 1.182: +5 -1 lines
Diff to previous 1.182 (colored)

don't quit while creating X11 listening socket.

http://mail-index.netbsd.org/current-users/2002/09/16/0005.html
got from portable. markus ok

Removing it is the wrong solution... Not sure what the correct one, but I
figured I'd post why it was removed.

- Ben




On Wed, 16 Jul 2008, Pieter Bowman wrote:

> On Solaris 10 (SPARC & x86), I'm seeing the following error:
>
> error: Failed to allocate internet-domain X11 display socket.
>
>
> I tracked this down to this code change between openssh 4.7p1 and
> 5.0p1:
>
> *** openssh-4.7p1/channels.c Mon Jun 25 03:04:47 2007
> --- openssh-5.0p1/channels.c Wed Apr 2 15:43:57 2008
> ***************
> *** 1,4 ****
> ! /* $OpenBSD: channels.c,v 1.270 2007/06/25 08:20:03 dtucker Exp $ */
> /*
> * Author: Tatu Ylonen <ylo@cs.hut.fi>
> * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
> --- 1,4 ----
> ! /* $OpenBSD: channels.c,v 1.273 2008/04/02 21:36:51 markus Exp $ */
> /*
> * Author: Tatu Ylonen <ylo@cs.hut.fi>
> * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
> ***************
> *** 2905,2913 ****
> debug2("bind port %d: %.100s", port, strerror(errno));
> close(sock);
>
> - if (ai->ai_next)
> - continue;
> -
> for (n = 0; n < num_socks; n++) {
> close(socks[n]);
> }
> --- 2906,2911 ----
>
>
> When those two lines are added back in, X11 forwarding is able to get
> a port bound.
>
> This is only the case on Solaris. On Linux, *BSD, IRIX systems the
> current code works.
>
> Thanks for looking into this.
>
> Pieter
> _______________________________________________
> openssh-unix-dev mailing list
> openssh-unix-dev@mindrot.org
> https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
>
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
Re: openssh 5.0p1: Solaris - Failed to allocate internet-domain X11 display socket. [ In reply to ]
On Wed, 16 Jul 2008, Ben Lindstrom wrote:

> Removing it is the wrong solution... Not sure what the correct one, but I
> figured I'd post why it was removed.

Removing it is the right solution, the problem is that Sun returns
unusable return codes from getaddrinfo(3) when IPv6 is installed on the
machine but no interfaces have IPv6 addresses configured.

Workaround: put "AddressFamily inet" in sshd_config.

-d
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
Re: openssh 5.0p1: Solaris - Failed to allocate internet-domain X11 display socket. [ In reply to ]
On Thu, 17 Jul 2008, Damien Miller wrote:

> On Wed, 16 Jul 2008, Ben Lindstrom wrote:
>
> > Removing it is the wrong solution... Not sure what the correct one, but I
> > figured I'd post why it was removed.
>
> Removing it is the right solution, the problem is that Sun returns

ugh, "not the right solution".
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
Re: openssh 5.0p1: Solaris - Failed to allocate internet-domain X11 display socket. [ In reply to ]
>> ...
>> Workaround: put "AddressFamily inet" in sshd_config.
>> ...

Thanks, that works for me (no IPV6 here, yet). Maybe a line or two in
README.platform would be a good idea.

Pieter
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev