author | Jason McIntyre <jmc@cvs.openbsd.org> | 2003-08-28 10:16:39 +0000 |
---|---|---|
committer | Jason McIntyre <jmc@cvs.openbsd.org> | 2003-08-28 10:16:39 +0000 |
commit | 0799724db06c2898eceaa4366d4e3a04fde59d36 (patch) | |
tree | 29377195d2ba4945f92f0951480967712d485602 /lib/libc/net/getnameinfo.3 | |
parent | b628d245b239a0e95641449c9014de60fdd1c6dc (diff) |
tweak;
ok itojun@
Diffstat (limited to 'lib/libc/net/getnameinfo.3')
-rw-r--r-- | lib/libc/net/getnameinfo.3 | 20 |
1 files changed, 10 insertions, 10 deletions
diff --git a/lib/libc/net/getnameinfo.3 b/lib/libc/net/getnameinfo.3 index d99d98f50db..3b3a0fd2906 100644 --- a/lib/libc/net/getnameinfo.3 +++ b/lib/libc/net/getnameinfo.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: getnameinfo.3,v 1.26 2003/08/28 09:47:47 itojun Exp $ +.\" $OpenBSD: getnameinfo.3,v 1.27 2003/08/28 10:16:38 jmc Exp $ .\" $KAME: getnameinfo.3,v 1.20 2001/01/05 13:37:37 itojun Exp $ .\" .\" Copyright (c) 1983, 1987, 1991, 1993 @@ -283,22 +283,22 @@ and documented in The implementation first appeared in WIDE Hydrangea IPv6 protocol stack kit. .\" .Sh CAVEATS -.Nm +.Fn getnameinfo returns both numeric and FQDN notation of the address specified in .Fa sa . There is no return value that indicates if the string returned in .Fa host is a result of binary to numeric-text translation (like -.Xr inet_ntop 3) , +.Xr inet_ntop 3 ) , or the result of DNS reverse lookup. -Therefore, malicious parties could set up PTR record like below: +Therefore, malicious parties could set up a PTR record as below: .Bd -literal -offset indent 1.0.0.127.in-addr.arpa. IN PTR 10.1.1.1 .Ed .Pp and trick the caller of -.Nm -to believe that +.Fn getnameinfo +into believing that .Fa sa is .Li 10.1.1.1 @@ -306,10 +306,10 @@ when it actually is .Li 127.0.0.1 . .Pp To prevent such attacks, the use of -.Li NI_NAMEREQD -like below is recommended when you use the result of -.Nm -for access control purposes. +.Dv NI_NAMEREQD +is recommended when you use the result of +.Fn getnameinfo +for access control purposes: .Bd -literal -offset indent struct sockaddr *sa; socklen_t salen; |
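Review bot: In the CAVEATS hunk (@@ -283), the opening sentence still reads "returns both numeric and FQDN notation", which suggests that one call hands back both forms, while the very next sentence is about the caller being unable to tell which of the two it received. Since the commit already touches that sentence for the .Nm to .Fn change, consider rewording it to "can return either numeric or FQDN notation". The ".Xr inet_ntop 3 ) ," correction is right: the closing punctuation has to be its own argument.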
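Review bot: In the last hunk (@@ -306), the sentence beginning "To prevent such attacks" recommends NI_NAMEREQD without saying what the flag changes, so the reader has to infer the reasoning from the code that follows the colon. Suggest adding a short clause stating that with NI_NAMEREQD set a failed reverse lookup is reported as an error instead of a numeric string, so a successful call means host came from DNS and not from address-to-text conversion. Switching the macro from .Li to .Dv for the constant is appropriate.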