author | Jun-ichiro itojun Hagino <itojun@cvs.openbsd.org> | 2003-08-28 01:42:19 +0000 |
---|---|---|
committer | Jun-ichiro itojun Hagino <itojun@cvs.openbsd.org> | 2003-08-28 01:42:19 +0000 |
commit | e1a417c0c05cfa17b52cbbd4b24e4331fc83621f (patch) | |
tree | f661bb4cdfba02ca9e35ccfdf1d745995f9425c2 | |
parent | 4eeadb08538200478dd0bd259b3abe43229cf510 (diff) |
add CAVEATS section
-rw-r--r-- | lib/libc/net/getnameinfo.3 | 56 |
1 files changed, 55 insertions, 1 deletions
diff --git a/lib/libc/net/getnameinfo.3 b/lib/libc/net/getnameinfo.3
index 03b6149e011..00c70bdb7ad 100644
--- a/lib/libc/net/getnameinfo.3
+++ b/lib/libc/net/getnameinfo.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: getnameinfo.3,v 1.22 2003/08/08 09:26:02 jmc Exp $
+.\" $OpenBSD: getnameinfo.3,v 1.23 2003/08/28 01:42:18 itojun Exp $
 .\" $KAME: getnameinfo.3,v 1.20 2001/01/05 13:37:37 itojun Exp $
 .\"
 .\" Copyright (c) 1983, 1987, 1991, 1993
@@ -282,6 +282,60 @@ and documented in
 .Sh HISTORY
 The implementation first appeared in WIDE Hydrangea IPv6 protocol stack kit.
 .\"
+.Sh CAVEATS
+.Nm
+returns both numeric and FQDN notation of the address specified in
+.Fa sa .
+There is no return value that indicates if the string returned in
+.Fa host
+is a result of binary to numeric-text translation (like
+.Xr inet_ntop 3
+), or the result of DNS reverse lookup.
+Therefore, malicious parties could set up PTR record like below:
+.Bd -literal -offset indent
+1.0.0.127.in-addr.arpa. IN PTR 10.1.1.1
+.Ed
+.Pp
+and trick the caller of
+.Nm
+to believe that
+.Fa sa
+is
+.Li 10.1.1.1
+when it actually is
+.Li 127.0.0.1 .
+.Pp
+To prevent such attacks, the use of
+.Li NI_NAMEREQD
+like below is recommended when you use the result of
+.Nm
+for access control purposes.
+.Bd -literal -offset indent
+struct sockaddr *sa;
+socklen_t salen;
+char addr[NI_MAXHOST];
+struct addrinfo hints, *res;
+
+error = getnameinfo(sa, salen, addr, sizeof(addr),
+ NULL, 0, NI_NAMEREQD);
+if (error == 0) {
+ memset(&hints, 0, sizeof(hints));
+ hints.ai_socktype = SOCK_DGRAM; /*dummy*/
+ hints.ai_flags = AI_NUMERICHOST;
+ if (getaddrinfo(addr, "0", &hints, &res) == 0) {
+ /* malicious PTR record */
+ freeaddrinfo(res);
+ printf("bogus PTR record\\n");
+ return -1;
+ }
+ /* addr is FQDN as a result of PTR lookup */
+} else {
+ /* addr is numeric string */
+ error = getnameinfo(sa, salen, addr, sizeof(addr),
+ NULL, 0, 0);
+}
+.Ed
+.\"
 .Sh BUGS
 The current implementation is not thread-safe.
 .Pp |