978e96
commit 6ca53a2453598804a2559a548a08424fca96434a
978e96
Author: Florian Weimer <fweimer@redhat.com>
978e96
Date:   Mon Jan 21 09:26:41 2019 +0100
978e96
978e96
    resolv: Do not send queries for non-host-names in nss_dns [BZ #24112]
978e96
    
978e96
    Before this commit, nss_dns would send a query which did not contain a
978e96
    host name as the query name (such as invalid\032name.example.com) and
978e96
    then reject the answer in getanswer_r and gaih_getanswer_slice, using
978e96
    a check based on res_hnok.  With this commit, no query is sent, and a
978e96
    host-not-found error is returned to NSS without network interaction.
978e96
978e96
diff --git a/resolv/nss_dns/dns-host.c b/resolv/nss_dns/dns-host.c
978e96
index 1e85e4f08ffc8600..e697d9103797341b 100644
978e96
--- a/resolv/nss_dns/dns-host.c
978e96
+++ b/resolv/nss_dns/dns-host.c
978e96
@@ -273,11 +273,26 @@ gethostbyname3_context (struct resolv_context *ctx,
978e96
   return status;
978e96
 }
978e96
 
978e96
+/* Verify that the name looks like a host name.  There is no point in
978e96
+   sending a query which will not produce a usable name in the
978e96
+   response.  */
978e96
+static enum nss_status
978e96
+check_name (const char *name, int *h_errnop)
978e96
+{
978e96
+  if (res_hnok (name))
978e96
+    return NSS_STATUS_SUCCESS;
978e96
+  *h_errnop = HOST_NOT_FOUND;
978e96
+  return NSS_STATUS_NOTFOUND;
978e96
+}
978e96
+
978e96
 enum nss_status
978e96
 _nss_dns_gethostbyname2_r (const char *name, int af, struct hostent *result,
978e96
 			   char *buffer, size_t buflen, int *errnop,
978e96
 			   int *h_errnop)
978e96
 {
978e96
+  enum nss_status status = check_name (name, h_errnop);
978e96
+  if (status != NSS_STATUS_SUCCESS)
978e96
+    return status;
978e96
   return _nss_dns_gethostbyname3_r (name, af, result, buffer, buflen, errnop,
978e96
 				    h_errnop, NULL, NULL);
978e96
 }
978e96
@@ -288,6 +303,9 @@ _nss_dns_gethostbyname_r (const char *name, struct hostent *result,
978e96
 			  char *buffer, size_t buflen, int *errnop,
978e96
 			  int *h_errnop)
978e96
 {
978e96
+  enum nss_status status = check_name (name, h_errnop);
978e96
+  if (status != NSS_STATUS_SUCCESS)
978e96
+    return status;
978e96
   struct resolv_context *ctx = __resolv_context_get ();
978e96
   if (ctx == NULL)
978e96
     {
978e96
@@ -295,7 +313,7 @@ _nss_dns_gethostbyname_r (const char *name, struct hostent *result,
978e96
       *h_errnop = NETDB_INTERNAL;
978e96
       return NSS_STATUS_UNAVAIL;
978e96
     }
978e96
-  enum nss_status status = NSS_STATUS_NOTFOUND;
978e96
+  status = NSS_STATUS_NOTFOUND;
978e96
   if (res_use_inet6 ())
978e96
     status = gethostbyname3_context (ctx, name, AF_INET6, result, buffer,
978e96
 				     buflen, errnop, h_errnop, NULL, NULL);
978e96
@@ -312,6 +330,9 @@ _nss_dns_gethostbyname4_r (const char *name, struct gaih_addrtuple **pat,
978e96
 			   char *buffer, size_t buflen, int *errnop,
978e96
 			   int *herrnop, int32_t *ttlp)
978e96
 {
978e96
+  enum nss_status status = check_name (name, herrnop);
978e96
+  if (status != NSS_STATUS_SUCCESS)
978e96
+    return status;
978e96
   struct resolv_context *ctx = __resolv_context_get ();
978e96
   if (ctx == NULL)
978e96
     {
978e96
@@ -346,7 +367,6 @@ _nss_dns_gethostbyname4_r (const char *name, struct gaih_addrtuple **pat,
978e96
   int ans2p_malloced = 0;
978e96
 
978e96
   int olderr = errno;
978e96
-  enum nss_status status;
978e96
   int n = __res_context_search (ctx, name, C_IN, T_QUERY_A_AND_AAAA,
978e96
 				host_buffer.buf->buf, 2048, &host_buffer.ptr,
978e96
 				&ans2p, &nans2p, &resplen2, &ans2p_malloced);