authorJun-ichiro itojun Hagino <itojun@cvs.openbsd.org>2003-08-28 01:42:19 +0000
committerJun-ichiro itojun Hagino <itojun@cvs.openbsd.org>2003-08-28 01:42:19 +0000
commite1a417c0c05cfa17b52cbbd4b24e4331fc83621f (patch)
treef661bb4cdfba02ca9e35ccfdf1d745995f9425c2
parent4eeadb08538200478dd0bd259b3abe43229cf510 (diff)
add CAVEATS section
-rw-r--r--lib/libc/net/getnameinfo.356
1 files changed, 55 insertions, 1 deletions
diff --git a/lib/libc/net/getnameinfo.3 b/lib/libc/net/getnameinfo.3
index 03b6149e011..00c70bdb7ad 100644
--- a/lib/libc/net/getnameinfo.3
+++ b/lib/libc/net/getnameinfo.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: getnameinfo.3,v 1.22 2003/08/08 09:26:02 jmc Exp $
+.\" $OpenBSD: getnameinfo.3,v 1.23 2003/08/28 01:42:18 itojun Exp $
.\" $KAME: getnameinfo.3,v 1.20 2001/01/05 13:37:37 itojun Exp $
.\"
.\" Copyright (c) 1983, 1987, 1991, 1993
@@ -282,6 +282,60 @@ and documented in
.Sh HISTORY
The implementation first appeared in WIDE Hydrangea IPv6 protocol stack kit.
.\"
+.Sh CAVEATS
+.Nm
+returns both numeric and FQDN notation of the address specified in
+.Fa sa .
+There is no return value that indicates if the string returned in
+.Fa host
+is a result of binary to numeric-text translation (like
+.Xr inet_ntop 3
+), or the result of DNS reverse lookup.
+Therefore, malicious parties could set up PTR record like below:
+.Bd -literal -offset indent
+1.0.0.127.in-addr.arpa. IN PTR 10.1.1.1
+.Ed
+.Pp
+and trick the caller of
+.Nm
+to believe that
+.Fa sa
+is
+.Li 10.1.1.1
+when it actually is
+.Li 127.0.0.1 .
+.Pp
+To prevent such attacks, the use of
+.Li NI_NAMEREQD
+like below is recommended when you use the result of
+.Nm
+for access control purposes.
+.Bd -literal -offset indent
+struct sockaddr *sa;
+socklen_t salen;
+char addr[NI_MAXHOST];
+struct addrinfo hints, *res;
+
+error = getnameinfo(sa, salen, addr, sizeof(addr),
+ NULL, 0, NI_NAMEREQD);
+if (error == 0) {
+ memset(&hints, 0, sizeof(hints));
+ hints.ai_socktype = SOCK_DGRAM; /*dummy*/
+ hints.ai_flags = AI_NUMERICHOST;
+ if (getaddrinfo(addr, "0", &hints, &res) == 0) {
+ /* malicious PTR record */
+ freeaddrinfo(res);
+ printf("bogus PTR record\\n");
+ return -1;
+ }
+ /* addr is FQDN as a result of PTR lookup */
+} else {
+ /* addr is numeric string */
+ error = getnameinfo(sa, salen, addr, sizeof(addr),
+ NULL, 0, 0);
+}
+.Ed
+.\"
.Sh BUGS
The current implementation is not thread-safe.
.Pp
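Review bot: The fallback call in the `else` branch of the CAVEATS example, `getnameinfo(sa, salen, addr, sizeof(addr), NULL, 0, 0)`, passes flags of 0, which does not suppress the reverse lookup. If that second lookup succeeds where the first failed (for example after a transient resolver error), `addr` holds a PTR result that never went through the `AI_NUMERICHOST` check, contradicting the `/* addr is numeric string */` comment. Ending that call with `NULL, 0, NI_NUMERICHOST);` makes the result numeric by construction. The example also assigns `error` without declaring it. The text could add that a name passing this check is still chosen by whoever controls the reverse zone, so access-control code should confirm it with a forward lookup that maps back to `sa`.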