diff options
author | Andrew Bartlett <abartlet@samba.org> | 2010-09-29 03:59:15 +1000 |
---|---|---|
committer | Andrew Bartlett <abartlet@samba.org> | 2010-09-29 04:23:07 +1000 |
commit | 4be269664451f3df82a8b4939ffcf5d4274d02ed (patch) | |
tree | 18a9c56b29caec4dafbc07242c9174fc4dc3766e | |
parent | 89ee9e6518f5bd398bb44e0cd47454e2d69f469e (diff) | |
download | samba-4be269664451f3df82a8b4939ffcf5d4274d02ed.tar.gz samba-4be269664451f3df82a8b4939ffcf5d4274d02ed.tar.bz2 samba-4be269664451f3df82a8b4939ffcf5d4274d02ed.zip |
heimdal Fix DNS name qualification to not mangle IP addresses
If the host running this code used IPv6 forms for IPv4 addreses
then the check for '.' would not be sufficient to determine that this
isn't a name we should mangle. Instead, check if it can be parsed
as a numeric address first, and only then mangle.
Andrew Bartlett
-rw-r--r-- | source4/heimdal/lib/krb5/krbhst.c | 28 |
1 files changed, 23 insertions, 5 deletions
diff --git a/source4/heimdal/lib/krb5/krbhst.c b/source4/heimdal/lib/krb5/krbhst.c index 4da3af2e82..ec0c8b738e 100644 --- a/source4/heimdal/lib/krb5/krbhst.c +++ b/source4/heimdal/lib/krb5/krbhst.c @@ -370,11 +370,27 @@ krb5_krbhst_get_addrinfo(krb5_context context, krb5_krbhst_info *host, int ret; if (host->ai == NULL) { - char *hostname_dot = NULL; make_hints(&hints, host->proto); + hints.ai_flags = AI_NUMERICHOST | AI_NUMERICSERV; snprintf (portstr, sizeof(portstr), "%d", host->port); - if (strchr(host->hostname, '.') && + + /* First try this as an IP address - the flags we have set + * will prevent it from looking up a name */ + ret = getaddrinfo(host->hostname, portstr, &hints, &host->ai); + if (ret == 0) { + *ai = host->ai; + return 0; + } + + hints.ai_flags &= ~AI_NUMERICHOST; + + /* Now that we know it's not an IP, we can manipulate + it as a dotted-name, to add a final . if we think + it's a fully qualified DNS name */ + if (strchr(host->hostname, '.') && host->hostname[strlen(host->hostname)-1] != '.') { + char *hostname_dot = NULL; + /* avoid expansion of search domains from resolv.conf - these can be very slow if the DNS server is not up for the searched domain */ @@ -384,10 +400,12 @@ krb5_krbhst_get_addrinfo(krb5_context context, krb5_krbhst_info *host, hostname_dot[strlen(host->hostname)] = '.'; hostname_dot[strlen(host->hostname)+1] = 0; } + ret = getaddrinfo(hostname_dot?hostname_dot:host->hostname, portstr, &hints, &host->ai); + if (hostname_dot) + free(hostname_dot); + } else { + ret = getaddrinfo(host->hostname, portstr, &hints, &host->ai); } - ret = getaddrinfo(hostname_dot?hostname_dot:host->hostname, portstr, &hints, &host->ai); - if (hostname_dot) - free(hostname_dot); if (ret) return krb5_eai_to_heim_errno(ret, errno); } |