From 61411f2f4ff610f25e311a7b36d4a2cd123e980c Mon Sep 17 00:00:00 2001
From: Chris Lundquist
Date: Tue, 15 Nov 2016 09:00:57 -0800
Subject: [PATCH] prevent binding 0.0.0.0 -> ::0 (#2094)
---
 command/server/listener_tcp.go | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/command/server/listener_tcp.go b/command/server/listener_tcp.go
index 9435c25103..4e5e9b442f 100644
--- a/command/server/listener_tcp.go
+++ b/command/server/listener_tcp.go
@@ -3,18 +3,26 @@ package server
 import (
 "io"
 "net"
+ "strings"
 "time"
 
 "github.com/hashicorp/vault/vault"
 )
 
 func tcpListenerFactory(config map[string]string, _ io.Writer) (net.Listener, map[string]string, vault.ReloadFunc, error) {
+ bind_proto := "tcp"
 addr, ok := config["address"]
 if !ok {
 addr = "127.0.0.1:8200"
 }
 
- ln, err := net.Listen("tcp", addr)
+ // If they've passed 0.0.0.0, we only want to bind on IPv4
+ // rather than golang's dual stack default
+ if strings.HasPrefix(addr, "0.0.0.0:") {
+ bind_proto = "tcp4"
+ }
+
+ ln, err := net.Listen(bind_proto, addr)
 if err != nil {
 return nil, nil, nil, err
 }
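Review bot: The `strings.HasPrefix(addr, "0.0.0.0:")` test only catches that one literal spelling, so an `address` with an empty host such as `:8200` still goes to `net.Listen("tcp", addr)` and, per Go's documented handling of an empty or unspecified host, listens on IPv6 as well as IPv4. If that is intended, the comment should say so, because an operator who filters only IPv4 would have the listener reachable over IPv6 without knowing it: `// An empty host (":8200") still listens on IPv4 and IPv6; only a literal 0.0.0.0 is pinned to tcp4.` Matching on the parsed host would be sturdier than a prefix test, e.g. `if host, _, err := net.SplitHostPort(addr); err == nil && host == "0.0.0.0" {`. `bind_proto` should be `bindProto` to follow Go's MixedCaps naming. tcpListenerFactory continues past the end of the hunk, so how the bound address is reported afterwards is not visible here.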