| #
cd373078 |
| 03-Sep-2024 |
op <op@openbsd.org> |
typo in comment; saveguard -> safeguard; ok gilles@
|
| #
06579650 |
| 22-Nov-2023 |
florian <florian@openbsd.org> |
Set correct errno field in struct asr_result.
Otherwise gethostbyname(3) returns stack garbage when it is called
with an invalid host name, indicating success.
Problem observed in segfaulting ifconf
Set correct errno field in struct asr_result.
Otherwise gethostbyname(3) returns stack garbage when it is called
with an invalid host name, indicating success.
Problem observed in segfaulting ifconfig(8) by bluhm.
show more ...
|
| #
373da8ab |
| 20-Nov-2023 |
florian <florian@openbsd.org> |
localhost is either 127.0.0.1 or ::1, nothing else.
RFC 6761, 6.3 Domain Name Reservation Considerations for "localhost.":
3. Name resolution APIs and libraries SHOULD recognize localhost
localhost is either 127.0.0.1 or ::1, nothing else.
RFC 6761, 6.3 Domain Name Reservation Considerations for "localhost.":
3. Name resolution APIs and libraries SHOULD recognize localhost
names as special and SHOULD always return the IP loopback address
for address queries and negative responses for all other query
types. Name resolution APIs SHOULD NOT send queries for
localhost names to their configured caching DNS server(s).
This makes sure that the getaddrinfo(3) and gethostbyname(3) family of
functions always return the loopback address and do not send queries
to name servers. This includes "localhost", "localhost." and
everything under ".localhost" and ".localhost.".
For example, a host underneath the .com.ar zone will per default have
a search list of "com.ar.". resolv.conf(5) has a default of "lookup
bind file". Both combined will result in lookups for "localhost" to
not return 127.0.0.1 because localhost.com.ar is registered in DNS.
It has been known for decades that this is a problem, especially for
localhost.
Problem recently spotted by gonzalo@ and debugged by sthen@
Testing sthen, gonzalo
Input & OK phessler, eric, millert
OK sthen, kn, deraadt
show more ...
|
| #
b8fce260 |
| 14-Nov-2023 |
florian <florian@openbsd.org> |
Add break to error out on weird characters in gethostbyname().
Missed in previous some time ago; while here remove confusing else.
Input & OK eric
|
| #
1b04c78c |
| 17-Nov-2022 |
florian <florian@openbsd.org> |
Restrict what getaddrinfo(3) is willing to try to resolve.
Programs assume that a successful call to getaddrinfo(3) validates the
input as "safe", but that's not true. Characters like '$', '`', '\n'
Restrict what getaddrinfo(3) is willing to try to resolve.
Programs assume that a successful call to getaddrinfo(3) validates the
input as "safe", but that's not true. Characters like '$', '`', '\n'
or '*' can traverse the DNS without problems, but have special
meaning, for example a shell.
There is a function res_hnok() already in libc, but it validates if a
string is a host name, which is too strict in practice. For example
foo-.example.com is not a valid host name, but is used on the
Internet.
Posix has this to say:
"The getaddrinfo() function shall translate the name of a service
location (for example, a host name)"
It hints that the input should be a host name, but it does not
restrict it to it.
This introduces a function hnok_lenient() which restricts the input to
getaddrinfo(3) to the set [A-z0-9-_.]. Additionally two consecutive
dots ('.') are not allowed nor can the string start with - or '.'.
glibc introduced a similar restriction years ago, so this should not
cause problems.
It has been known in the DNS community for years, probably decades
that getaddrinfo(3) is too lenient what it accepts, but it has always
been kicked down the road as "not a DNS problem". Unfortunately this
information never made it out of the DNS community and no coordinated
effort happened to have this addressed in operating systems.
David Leadbeater recently demonstrated how ssh(1) and ftp(1) are too
trusting with what getaddrinfo(3) accepts. Both have been fixed
independently of this.
Input deraadt, eric
OK millert, deraadt
show more ...
|
| #
e45d70c8 |
| 27-Jun-2019 |
martijn <martijn@openbsd.org> |
If we don't receive a reply packet the res_send subquery will already have
set subq_h_errno and ar_count. Remove the ar_datalen == -1 check, so we
set ar_h_errno and don't have to (wrongly) guess tha
If we don't receive a reply packet the res_send subquery will already have
set subq_h_errno and ar_count. Remove the ar_datalen == -1 check, so we
set ar_h_errno and don't have to (wrongly) guess that
ar_h_errno = HOST_NOT_FOUND.
This makes sure that if no nameserver responds the h_errno value is set to
TRY_AGAIN instead of HOST_NOT_FOUND.
OK eric@, deraadt@
show more ...
|
| #
b5afe704 |
| 28-Apr-2018 |
schwarze <schwarze@openbsd.org> |
To allow us to get rid of /etc/networks, make getnetby*(3)
wrappers around gethostby*_async(3). If you had anything of
importance in /etc/networks, specify it in /etc/hosts instead.
Feedback and OK
To allow us to get rid of /etc/networks, make getnetby*(3)
wrappers around gethostby*_async(3). If you had anything of
importance in /etc/networks, specify it in /etc/hosts instead.
Feedback and OK eric@, OK deraadt@
show more ...
|
| #
f6f51dad |
| 23-Feb-2017 |
eric <eric@openbsd.org> |
Put a common subq pointer in the query struct, rather than one in each
element of the union.
ok gilles@ millert@ krw@
|
| #
c126605f |
| 16-Dec-2015 |
deraadt <deraadt@openbsd.org> |
Remove support for HOSTALIASES from the resolver. This "open and parse
any file indicated by an environment variable" feature inside the
resolver is incompatible with what pledge "dns" is trying to
Remove support for HOSTALIASES from the resolver. This "open and parse
any file indicated by an environment variable" feature inside the
resolver is incompatible with what pledge "dns" is trying to be. It is
a misguided "feature" added way back in history which almost noone uses,
but everyone has to assume the risk from.
ok eric florian kettenis
show more ...
|
| #
59f710d8 |
| 23-Nov-2015 |
deraadt <deraadt@openbsd.org> |
Remove support for "lookup yp" in /etc/resolv.conf. This historical
wart is incompatible with pledge, because suddenly a "dns" operation
needs "getpw" access to ypbind/ypserv, etc. file + dns acces
Remove support for "lookup yp" in /etc/resolv.conf. This historical
wart is incompatible with pledge, because suddenly a "dns" operation
needs "getpw" access to ypbind/ypserv, etc. file + dns access is
enough for everyone, sorry if you were using that old SunOS 4.x style
mechanism, but it is now gone.
ok semarie millert florian
show more ...
|
| #
a55a423a |
| 20-Sep-2015 |
eric <eric@openbsd.org> |
remove bogus includes of err.h
|
| #
5826fd8c |
| 14-Sep-2015 |
guenther <guenther@openbsd.org> |
Wrap <asr.h> so internal calls go direct and all the symbols are weak
|
| #
253ef892 |
| 09-Sep-2015 |
deraadt <deraadt@openbsd.org> |
Hide all unnecessary asr / resolver related API with _ prefixes.
direction & ok guenther
|
| #
f108579b |
| 29-May-2015 |
eric <eric@openbsd.org> |
fix a possible off-by-one when reading /etc/hosts if it doesn't end
with a newline.
ok jca@
|
| #
d2d7f9c9 |
| 26-May-2015 |
eric <eric@openbsd.org> |
simply use _PATH_HOSTS where appropriate
|
| #
5712b4f1 |
| 02-Mar-2015 |
brynet <brynet@openbsd.org> |
gethostbyname(3) would fail when more than 16 addrs/aliases were returned.
Bump MAXADDRS/ALIASES to the original of 35, and silently ignore extras
instead of failing.
Noticed by markson on freenode
gethostbyname(3) would fail when more than 16 addrs/aliases were returned.
Bump MAXADDRS/ALIASES to the original of 35, and silently ignore extras
instead of failing.
Noticed by markson on freenode.
OK eric@ "with revised diff", phessler@.
show more ...
|
| #
aea60bee |
| 16-Jan-2015 |
deraadt <deraadt@openbsd.org> |
Move to the <limits.h> universe.
review by millert, binary checking process with doug, concept with guenther
|
| #
e7e445a1 |
| 14-Jan-2015 |
deraadt <deraadt@openbsd.org> |
change _yp_domain[] to HOST_NAME_MAX+1, and re-arrange those who include
it to get limits.h early enough
|
| #
0d7b84a8 |
| 02-Nov-2014 |
eric <eric@openbsd.org> |
Fix a NULL deref when getting an actual result for an invalid hostname
in gethostbyname(). Similar fix for getnetbyname().
ok deraadt@ daniel@ jca@
|
| #
241db059 |
| 15-Sep-2014 |
guenther <guenther@openbsd.org> |
When fopen()ing internal to libc (the API doesn't support the use
of the resulting FILE *), then pass fopen() the 'e' mode letter to
mark it close-on-exec.
ok miod@
|
| #
ab50be5e |
| 23-Jul-2014 |
eric <eric@openbsd.org> |
Make queries using the search list for hostname lookups fail with
NO_DATA/EAI_NODATA when the hostname param is an empty string.
So far, they were using the entries in the search list with no
additio
Make queries using the search list for hostname lookups fail with
NO_DATA/EAI_NODATA when the hostname param is an empty string.
So far, they were using the entries in the search list with no
additional component, which is not really expected.
reported by jsing@ and a few others
ok deraadt@, "makes sense" jsing@
show more ...
|
| #
f94f01be |
| 13-May-2014 |
eric <eric@openbsd.org> |
skip incomplete entries in /etc/hosts and /etc/networks
fix null deref spotted by Seth Hanford, pinpointed by dtucker@
ok florian@
|
| #
d216d6b1 |
| 26-Mar-2014 |
eric <eric@openbsd.org> |
Make the asr API public. Install asr.h to /usr/include.h and manpages.
Include tweaks suggested by mpi@
ok deraadt@
|
| #
5be03f8f |
| 25-Mar-2014 |
eric <eric@openbsd.org> |
Cleanup and simplify the API to be exposed. Use better names for
structures, functions and defines.
discussed with and ok deraadt@ guenther@
|
| #
f90bf415 |
| 14-Mar-2014 |
eric <eric@openbsd.org> |
prefix structure names to avoid ambiguity and possible collisions when
the API gets public.
ok deraadt@
|