Bug 16469 - getaddrinfo incorrectly accepts two trailing dots
Summary: getaddrinfo incorrectly accepts two trailing dots
Status: RESOLVED FIXED
Alias: None
Product: glibc
Classification: Unclassified
Component: network
Version: 2.15
Importance: P2 normal
Target Milestone: ---
Assignee: Alexandre Oliva
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2014-01-20 05:05 UTC by Nigel Tao
Modified: 2014-11-21 06:28 UTC

See Also:
Host:
Target:
Build:
Last reconfirmed:
fweimer: security-


Description Nigel Tao 2014-01-20 05:05:40 UTC
getaddrinfo("www.google.com..", etc) with two trailing dots resolves, but I expected an error, as "www.google.com.." is not a valid domain name.

"www.google.com." with one trailing dot works as expected, as one trailing dot means a FQDN. "www.google.com..." with three trailing dots gives a "No address associated with hostname" error, as expected.

Ubuntu 12.04 "Precise", so glibc 2.15.

--------
/* This example program adapted from http://en.wikipedia.org/wiki/Getaddrinfo#Example */

/* Note the two trailing dots in the "www.google.com.." hostname! */

#include <stdio.h>
#include <stdlib.h>
#include <netdb.h>
#include <netinet/in.h>
#include <sys/socket.h>
 
#ifndef   NI_MAXHOST
#define   NI_MAXHOST 1025
#endif
 
int main(void)
{
    struct addrinfo *result;
    struct addrinfo *res;
    int error;
 
    error = getaddrinfo("www.google.com..", NULL, NULL, &result);
    if (error != 0)
    {   
        if (error == EAI_SYSTEM)
        {
            perror("getaddrinfo");
        }
        else
        {
            fprintf(stderr, "error in getaddrinfo: %s\n", gai_strerror(error));
        }   
        exit(EXIT_FAILURE);
    }   
 
    for (res = result; res != NULL; res = res->ai_next)
    {   
        char hostname[NI_MAXHOST] = "";
 
        error = getnameinfo(res->ai_addr, res->ai_addrlen, hostname, NI_MAXHOST, NULL, 0, 0); 
        if (error != 0)
        {
            fprintf(stderr, "error in getnameinfo: %s\n", gai_strerror(error));
            continue;
        }
        if (*hostname != '\0')
            printf("hostname: %s\n", hostname);
    }   
 
    freeaddrinfo(result);
    return 0;
}
--------
Comment 1 Alexandre Oliva 2014-09-27 10:40:32 UTC
This patchlet appears to fix it.

diff --git a/resolv/res_query.c b/resolv/res_query.c
index e4ee2a6..338ad82 100644
--- a/resolv/res_query.c
+++ b/resolv/res_query.c
@@ -561,10 +561,6 @@ __libc_res_nquerydomain(res_state statp,
 		       name, domain?domain:"<Nil>", class, type);
 #endif
 	if (domain == NULL) {
-		/*
-		 * Check for trailing '.';
-		 * copy without '.' if present.
-		 */
 		n = strlen(name);
 
 		/* Decrement N prior to checking it against MAXDNAME
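Review bot: with the "Check for trailing '.'" comment deleted at the top of the `domain == NULL` branch, nothing at this spot says that the trailing dot is now left in place on purpose. A short replacement comment stating that the dot is retained so a duplicate trailing dot can still be detected later would stop someone from reintroducing the strip. The surviving "Decrement N prior to checking it against MAXDNAME" comment is also worth re-reading, since the next hunk removes the `name[n] == '.'` use of the decremented value.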
@@ -575,11 +571,7 @@ __libc_res_nquerydomain(res_state statp,
 			RES_SET_H_ERRNO(statp, NO_RECOVERY);
 			return (-1);
 		}
-		if (name[n] == '.') {
-			strncpy(nbuf, name, n);
-			nbuf[n] = '\0';
-		} else
-			longname = name;
+		longname = name;
 	} else {
 		n = strlen(name);
 		d = strlen(domain);
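Review bot: the patch makes `longname = name;` unconditional in the `domain == NULL` branch but carries no regression test, and "appears to fix it" is all the evidence given. A test that calls getaddrinfo with "www.google.com.." and expects failure, and with "www.google.com." and expects success, would pin down the behaviour from the report. Also note that `nbuf` is no longer written on this path once the `strncpy(nbuf, name, n);` lines go, so check that nothing after the branch still assumes it holds a copy of the name.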
Comment 2 Sourceware Commits 2014-11-07 09:20:29 UTC
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU C Library master sources".

The branch, lxoliva/getaddrinfo has been created
        at  d4139de660d1f25ad34ab023b13ec3cad78986d2 (commit)

- Log -----------------------------------------------------------------
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=d4139de660d1f25ad34ab023b13ec3cad78986d2

commit d4139de660d1f25ad34ab023b13ec3cad78986d2
Author: Alexandre Oliva <aoliva@redhat.com>
Date:   Sun Jun 1 16:51:57 2014 -0300

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=91bbe1798129768e77cffecf324400fa4d31ad10

commit 91bbe1798129768e77cffecf324400fa4d31ad10
Author: Alexandre Oliva <aoliva@redhat.com>
Date:   Sun Jun 1 16:51:44 2014 -0300

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=bc3ac8b1779e8b180762841048601b90f469d6e5

commit bc3ac8b1779e8b180762841048601b90f469d6e5
Author: Alexandre Oliva <aoliva@redhat.com>
Date:   Sun Jun 1 16:48:15 2014 -0300

    for  ChangeLog
    
    	PR network/9981
    	* sysdeps/posix/getaddrinfo.c (getaddrinfo): Do not sort
    	AI_PASSIVE addresses.

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=7875573cbe52eabe78f1cab91c8a046d0bd5ed5a

commit 7875573cbe52eabe78f1cab91c8a046d0bd5ed5a
Author: Alexandre Oliva <aoliva@redhat.com>
Date:   Sat Sep 27 07:13:20 2014 -0300

    drop address family conversions from /etc/hosts parser
    
    for ChangeLog
    
    	* nss/nss_files/files-hosts.c (LINE_PARSER): Drop all address
    	family conversions.

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=393207b6a74aeed6227d88174b8b37e4ee095260

commit 393207b6a74aeed6227d88174b8b37e4ee095260
Author: Alexandre Oliva <aoliva@redhat.com>
Date:   Sat Sep 27 07:13:20 2014 -0300

    drop v4-to-v6 conversions of loopback addresses from /etc/hosts
    
    for ChangeLog
    
    	* nss/nss_files/files-hosts.c (LINE_PARSER): Drop family
    	conversion of loopback addresses from IPv4 to IPv6.

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=2e8a3341f470d8fa0dce69b8cf83e346a0017ada

commit 2e8a3341f470d8fa0dce69b8cf83e346a0017ada
Author: Alexandre Oliva <aoliva@redhat.com>
Date:   Sat Sep 27 07:13:18 2014 -0300

    drop v6-to-v4 conversions of loopback addresses from /etc/hosts
    
    for ChangeLog
    
    	* nss/nss_files/files-hosts.c (LINE_PARSER): Drop family
    	conversion of loopback addresses from IPv6 to IPv4.

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=901aad32edcbd1cfd57ee904ada6dcc56a53b385

commit 901aad32edcbd1cfd57ee904ada6dcc56a53b385
Author: Alexandre Oliva <aoliva@redhat.com>
Date:   Sat Sep 27 07:23:39 2014 -0300

    resolv: skip leading dot in domain to search
    
    This should only happen if the domain to search is the root,
    represented as . rather than by an empty string.  Skipping it here
    prevents libc_res_nquerydomain from duplicating the trailing dot,
    which would cause the domain name compression to fail.
    
    for  ChangeLog
    
    	PR 16469
    	* resolv/res_query.c (__libc_res_nsearch): Skip leading dot in
    	search domain names.

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=ba878d017e6b65f5d2880ac8262bc68224ee3a53

commit ba878d017e6b65f5d2880ac8262bc68224ee3a53
Author: Alexandre Oliva <aoliva@redhat.com>
Date:   Wed Oct 15 03:52:43 2014 -0300

    don't drop trailing dot in res_nquerydomain(..., name, NULL, ...)
    
    If we drop it here, we will fail to detect a duplicate trailing dot
    later on.  Retaining, OTOH, has no ill effects whatsoever, and it even
    saves us the trouble of copying the domain name minus the trailing
    dot, like we used to do.
    
    for ChangeLog
    
    	PR 16469
    	* resolv/res_query.c (__libc_res_nquerydomain): Retain
            trailing dot.
    	* NEWS: Fixes 16469.

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=ff9a1b7dce77c43235e11cda103698078cf44a45

commit ff9a1b7dce77c43235e11cda103698078cf44a45
Author: Alexandre Oliva <aoliva@redhat.com>
Date:   Mon Nov 3 18:51:40 2014 -0200

    Do not continue in nss_db_getservbyname

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=6286965b02069369beeb893833c34f01dc919ffb

commit 6286965b02069369beeb893833c34f01dc919ffb
Author: Alexandre Oliva <aoliva@redhat.com>
Date:   Mon Nov 3 18:51:40 2014 -0200

    create all sockets with SOCK_CLOEXEC

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=c83b8a87170cda275a5c591fe2a1d3657d2a6711

commit c83b8a87170cda275a5c591fe2a1d3657d2a6711
Author: Alexandre Oliva <aoliva@redhat.com>
Date:   Mon Nov 3 18:51:39 2014 -0200

    introduce internal function to ease poll retry with timeout

-----------------------------------------------------------------------
Comment 3 Sourceware Commits 2014-11-21 05:42:43 UTC
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU C Library master sources".

The branch, master has been updated
       via  b59d114bd1e0571fba85b3cbcc61d4f4b42f5d1b (commit)
       via  f3d945d5f2b9d7d44032c461af588c6d54f5664b (commit)
       via  4969890247d7d6a548f17641ed5a18f4b713d211 (commit)
      from  81959214868c9ac9e425fbf0fa3fd9135e207f7e (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=b59d114bd1e0571fba85b3cbcc61d4f4b42f5d1b

commit b59d114bd1e0571fba85b3cbcc61d4f4b42f5d1b
Author: Alexandre Oliva <aoliva@redhat.com>
Date:   Sat Sep 27 07:23:39 2014 -0300

    BZ#16469: resolv: skip leading dot in domain to search
    
    This should only happen if the domain to search is the root,
    represented as "." rather than by an empty string.  Skipping it here
    prevents libc_res_nquerydomain from duplicating the trailing dot,
    which would cause the domain name compression to fail.
    
    for  ChangeLog
    
    	[BZ #16469]
    	* resolv/res_query.c (__libc_res_nsearch): Skip leading dot in
    	search domain names.

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=f3d945d5f2b9d7d44032c461af588c6d54f5664b

commit f3d945d5f2b9d7d44032c461af588c6d54f5664b
Author: Alexandre Oliva <aoliva@redhat.com>
Date:   Sun Nov 9 13:51:09 2014 -0200

    BZ#16469: don't drop trailing dot in res_nquerydomain(..., name, NULL, ...)
    
    If we drop it here, we will fail to detect a duplicate trailing dot
    later on.  Retaining, OTOH, has no ill effects whatsoever, and it even
    saves us the trouble of copying the domain name minus the trailing
    dot, like we used to do.
    
    for ChangeLog
    
    	[BZ #16469]
    	* NEWS: Update.
    	* resolv/res_query.c (__libc_res_nquerydomain): Retain
    	trailing dot.
    	* posix/tst-getaddrinfo5.c: New.
    	* posix/Makefile (tests): Add it.

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=4969890247d7d6a548f17641ed5a18f4b713d211

commit 4969890247d7d6a548f17641ed5a18f4b713d211
Author: Alexandre Oliva <aoliva@redhat.com>
Date:   Fri Nov 21 03:29:56 2014 -0200

    BZ#14498: fix infinite loop in nss_db_getservbyname
    
    nss_db uses nss_files code for services, but a continue on protocol
    mismatch that doesn't affect nss_files skipped the code that advanced
    to the next db entry.  Any one of these changes would suffice to fix
    it, but fixing both makes them both safer to reuse elsewhere.
    
    for  ChangeLog
    
    	[BZ #14498]
    	* NEWS: Fixed.
    	* nss/nss_db/db-XXX.c (_nss_db_get##name##_r): Update hidx
    	after parsing line but before break_if_match.
    	* nss/nss_files/files-service (DB_LOOKUP): Don't "continue;"
    	if there is a protocol mismatch.

-----------------------------------------------------------------------

Summary of changes:
 ChangeLog                     |   24 ++++++++++++++
 NEWS                          |    8 ++--
 nss/nss_db/db-XXX.c           |    9 +++--
 nss/nss_files/files-service.c |    7 +++-
 posix/Makefile                |    2 +-
 posix/tst-getaddrinfo5.c      |   69 +++++++++++++++++++++++++++++++++++++++++
 resolv/res_query.c            |   30 +++++++++--------
 7 files changed, 125 insertions(+), 24 deletions(-)
 create mode 100644 posix/tst-getaddrinfo5.c
Comment 4 Alexandre Oliva 2014-11-21 06:28:52 UTC
Fixed
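
The commit message's point that dropping the trailing dot early hides a duplicate dot from later checks, shown as an added example. This is a simplified model, not glibc's code and not part of the bug report: `encode_name` and `lookup_strip_first` are hypothetical names, and the DNS wire-format encoder stands in for the later stage that rejects empty labels.

```c
#include <stdio.h>
#include <string.h>

/* Simplified model, not glibc code: encode a presentation-format name into
   DNS wire format (length-prefixed labels ending in a zero-length root
   label). Returns the encoded length, or -1 for a malformed name. */
static int encode_name(const char *name, unsigned char *out, size_t outlen)
{
    size_t pos = 0;
    const char *p = strcmp(name, ".") == 0 ? "" : name;   /* "." is the root */

    while (*p != '\0') {
        size_t len = strcspn(p, ".");
        if (len == 0 || len > 63) return -1;   /* empty label, e.g. from ".." */
        if (pos + len + 2 > outlen || pos + len + 2 > 255) return -1;
        out[pos++] = (unsigned char)len;
        memcpy(out + pos, p, len);
        pos += len;
        p += len;
        if (*p == '.') p++;                    /* consume exactly one separator */
    }
    if (pos >= outlen) return -1;
    out[pos++] = 0;                            /* root label ends the name */
    return (int)pos;
}

/* Pre-fix model: one trailing dot is dropped before the name is checked,
   so "name.." reaches the encoder as the valid "name.". */
static int lookup_strip_first(const char *name, unsigned char *out, size_t outlen)
{
    char nbuf[256];
    size_t n = strlen(name);

    if (n == 0 || n >= sizeof nbuf) return -1;
    memcpy(nbuf, name, n + 1);
    if (nbuf[n - 1] == '.') nbuf[n - 1] = '\0';
    return encode_name(nbuf, out, outlen);
}

int main(void)
{
    /* Hostnames taken from the bug description. */
    const char *names[] = { "www.google.com.", "www.google.com..", "www.google.com..." };
    unsigned char buf[256];
    for (size_t i = 0; i < 3; i++)
        printf("%-20s strip-first=%d retain-dot=%d\n", names[i],
               lookup_strip_first(names[i], buf, sizeof buf), encode_name(names[i], buf, sizeof buf));
    return 0;
}
```

In this model the strip-first path accepts two trailing dots and rejects three, matching the report, while passing the name through unchanged rejects both.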