|
 |
5f7b84 |
commit 6ca53a2453598804a2559a548a08424fca96434a
|
|
|
5f7b84 |
Author: Florian Weimer <fweimer@redhat.com>
|
|
|
5f7b84 |
Date: Mon Jan 21 09:26:41 2019 +0100
|
|
|
5f7b84 |
|
|
|
5f7b84 |
resolv: Do not send queries for non-host-names in nss_dns [BZ #24112]
|
|
|
5f7b84 |
|
|
|
5f7b84 |
Before this commit, nss_dns would send a query which did not contain a
|
|
|
5f7b84 |
host name as the query name (such as invalid\032name.example.com) and
|
|
|
5f7b84 |
then reject the answer in getanswer_r and gaih_getanswer_slice, using
|
|
|
5f7b84 |
a check based on res_hnok. With this commit, no query is sent, and a
|
|
|
5f7b84 |
host-not-found error is returned to NSS without network interaction.
|
|
|
5f7b84 |
|
|
|
5f7b84 |
diff --git a/resolv/nss_dns/dns-host.c b/resolv/nss_dns/dns-host.c
|
|
|
5f7b84 |
index 5dc2829cd148a568..99c3b61e1cee4d42 100644
|
|
|
5f7b84 |
--- a/resolv/nss_dns/dns-host.c
|
|
|
5f7b84 |
+++ b/resolv/nss_dns/dns-host.c
|
|
|
5f7b84 |
@@ -274,11 +274,26 @@ gethostbyname3_context (struct resolv_context *ctx,
|
|
|
5f7b84 |
return status;
|
|
|
5f7b84 |
}
|
|
|
5f7b84 |
|
|
|
5f7b84 |
+/* Verify that the name looks like a host name. There is no point in
|
|
|
5f7b84 |
+ sending a query which will not produce a usable name in the
|
|
|
5f7b84 |
+ response. */
|
|
|
5f7b84 |
+static enum nss_status
|
|
|
5f7b84 |
+check_name (const char *name, int *h_errnop)
|
|
|
5f7b84 |
+{
|
|
|
5f7b84 |
+ if (res_hnok (name))
|
|
|
5f7b84 |
+ return NSS_STATUS_SUCCESS;
|
|
|
5f7b84 |
+ *h_errnop = HOST_NOT_FOUND;
|
|
|
5f7b84 |
+ return NSS_STATUS_NOTFOUND;
|
|
|
5f7b84 |
+}
|
|
|
5f7b84 |
+
|
|
|
5f7b84 |
enum nss_status
|
|
|
5f7b84 |
_nss_dns_gethostbyname2_r (const char *name, int af, struct hostent *result,
|
|
|
5f7b84 |
char *buffer, size_t buflen, int *errnop,
|
|
|
5f7b84 |
int *h_errnop)
|
|
|
5f7b84 |
{
|
|
|
5f7b84 |
+ enum nss_status status = check_name (name, h_errnop);
|
|
|
5f7b84 |
+ if (status != NSS_STATUS_SUCCESS)
|
|
|
5f7b84 |
+ return status;
|
|
|
5f7b84 |
return _nss_dns_gethostbyname3_r (name, af, result, buffer, buflen, errnop,
|
|
|
5f7b84 |
h_errnop, NULL, NULL);
|
|
|
5f7b84 |
}
|
|
|
5f7b84 |
@@ -289,6 +304,9 @@ _nss_dns_gethostbyname_r (const char *name, struct hostent *result,
|
|
|
5f7b84 |
char *buffer, size_t buflen, int *errnop,
|
|
|
5f7b84 |
int *h_errnop)
|
|
|
5f7b84 |
{
|
|
|
5f7b84 |
+ enum nss_status status = check_name (name, h_errnop);
|
|
|
5f7b84 |
+ if (status != NSS_STATUS_SUCCESS)
|
|
|
5f7b84 |
+ return status;
|
|
|
5f7b84 |
struct resolv_context *ctx = __resolv_context_get ();
|
|
|
5f7b84 |
if (ctx == NULL)
|
|
|
5f7b84 |
{
|
|
|
5f7b84 |
@@ -296,7 +314,7 @@ _nss_dns_gethostbyname_r (const char *name, struct hostent *result,
|
|
|
5f7b84 |
*h_errnop = NETDB_INTERNAL;
|
|
|
5f7b84 |
return NSS_STATUS_UNAVAIL;
|
|
|
5f7b84 |
}
|
|
|
5f7b84 |
- enum nss_status status = NSS_STATUS_NOTFOUND;
|
|
|
5f7b84 |
+ status = NSS_STATUS_NOTFOUND;
|
|
|
5f7b84 |
if (res_use_inet6 ())
|
|
|
5f7b84 |
status = gethostbyname3_context (ctx, name, AF_INET6, result, buffer,
|
|
|
5f7b84 |
buflen, errnop, h_errnop, NULL, NULL);
|
|
|
5f7b84 |
@@ -313,6 +331,9 @@ _nss_dns_gethostbyname4_r (const char *name, struct gaih_addrtuple **pat,
|
|
|
5f7b84 |
char *buffer, size_t buflen, int *errnop,
|
|
|
5f7b84 |
int *herrnop, int32_t *ttlp)
|
|
|
5f7b84 |
{
|
|
|
5f7b84 |
+ enum nss_status status = check_name (name, herrnop);
|
|
|
5f7b84 |
+ if (status != NSS_STATUS_SUCCESS)
|
|
|
5f7b84 |
+ return status;
|
|
|
5f7b84 |
struct resolv_context *ctx = __resolv_context_get ();
|
|
|
5f7b84 |
if (ctx == NULL)
|
|
|
5f7b84 |
{
|
|
|
5f7b84 |
@@ -347,7 +368,6 @@ _nss_dns_gethostbyname4_r (const char *name, struct gaih_addrtuple **pat,
|
|
|
5f7b84 |
int ans2p_malloced = 0;
|
|
|
5f7b84 |
|
|
|
5f7b84 |
int olderr = errno;
|
|
|
5f7b84 |
- enum nss_status status;
|
|
|
5f7b84 |
int n = __res_context_search (ctx, name, C_IN, T_QUERY_A_AND_AAAA,
|
|
|
5f7b84 |
host_buffer.buf->buf, 2048, &host_buffer.ptr,
|
|
|
5f7b84 |
&ans2p, &nans2p, &resplen2, &ans2p_malloced);
|