diff options
| author | jmc <> | 2003-08-28 10:16:38 +0000 |
|---|---|---|
| committer | jmc <> | 2003-08-28 10:16:38 +0000 |
| commit | 1d71d09c8858fe5ff65bec02fd357b3f276e6e8b (patch) | |
| tree | c5758e1b56741a1ee92c9d3481eae0f19bb84279 /src/lib | |
| parent | 0e63a127c5e6f5d7db30ee252127966473dd8a0a (diff) | |
| download | openbsd-1d71d09c8858fe5ff65bec02fd357b3f276e6e8b.tar.gz openbsd-1d71d09c8858fe5ff65bec02fd357b3f276e6e8b.tar.bz2 openbsd-1d71d09c8858fe5ff65bec02fd357b3f276e6e8b.zip | |
tweak;
ok itojun@
Diffstat (limited to 'src/lib')
| -rw-r--r-- | src/lib/libc/net/getnameinfo.3 | 20 |
1 files changed, 10 insertions, 10 deletions
diff --git a/src/lib/libc/net/getnameinfo.3 b/src/lib/libc/net/getnameinfo.3 index d99d98f50d..3b3a0fd290 100644 --- a/src/lib/libc/net/getnameinfo.3 +++ b/src/lib/libc/net/getnameinfo.3 | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | .\" $OpenBSD: getnameinfo.3,v 1.26 2003/08/28 09:47:47 itojun Exp $ | 1 | .\" $OpenBSD: getnameinfo.3,v 1.27 2003/08/28 10:16:38 jmc Exp $ |
| 2 | .\" $KAME: getnameinfo.3,v 1.20 2001/01/05 13:37:37 itojun Exp $ | 2 | .\" $KAME: getnameinfo.3,v 1.20 2001/01/05 13:37:37 itojun Exp $ |
| 3 | .\" | 3 | .\" |
| 4 | .\" Copyright (c) 1983, 1987, 1991, 1993 | 4 | .\" Copyright (c) 1983, 1987, 1991, 1993 |
| @@ -283,22 +283,22 @@ and documented in | |||
| 283 | The implementation first appeared in WIDE Hydrangea IPv6 protocol stack kit. | 283 | The implementation first appeared in WIDE Hydrangea IPv6 protocol stack kit. |
| 284 | .\" | 284 | .\" |
| 285 | .Sh CAVEATS | 285 | .Sh CAVEATS |
| 286 | .Nm | 286 | .Fn getnameinfo |
| 287 | returns both numeric and FQDN notation of the address specified in | 287 | returns both numeric and FQDN notation of the address specified in |
| 288 | .Fa sa . | 288 | .Fa sa . |
| 289 | There is no return value that indicates if the string returned in | 289 | There is no return value that indicates if the string returned in |
| 290 | .Fa host | 290 | .Fa host |
| 291 | is a result of binary to numeric-text translation (like | 291 | is a result of binary to numeric-text translation (like |
| 292 | .Xr inet_ntop 3) , | 292 | .Xr inet_ntop 3 ) , |
| 293 | or the result of DNS reverse lookup. | 293 | or the result of DNS reverse lookup. |
| 294 | Therefore, malicious parties could set up PTR record like below: | 294 | Therefore, malicious parties could set up a PTR record as below: |
| 295 | .Bd -literal -offset indent | 295 | .Bd -literal -offset indent |
| 296 | 1.0.0.127.in-addr.arpa. IN PTR 10.1.1.1 | 296 | 1.0.0.127.in-addr.arpa. IN PTR 10.1.1.1 |
| 297 | .Ed | 297 | .Ed |
| 298 | .Pp | 298 | .Pp |
| 299 | and trick the caller of | 299 | and trick the caller of |
| 300 | .Nm | 300 | .Fn getnameinfo |
| 301 | to believe that | 301 | into believing that |
| 302 | .Fa sa | 302 | .Fa sa |
| 303 | is | 303 | is |
| 304 | .Li 10.1.1.1 | 304 | .Li 10.1.1.1 |
| @@ -306,10 +306,10 @@ when it actually is | |||
| 306 | .Li 127.0.0.1 . | 306 | .Li 127.0.0.1 . |
| 307 | .Pp | 307 | .Pp |
| 308 | To prevent such attacks, the use of | 308 | To prevent such attacks, the use of |
| 309 | .Li NI_NAMEREQD | 309 | .Dv NI_NAMEREQD |
| 310 | like below is recommended when you use the result of | 310 | is recommended when you use the result of |
| 311 | .Nm | 311 | .Fn getnameinfo |
| 312 | for access control purposes. | 312 | for access control purposes: |
| 313 | .Bd -literal -offset indent | 313 | .Bd -literal -offset indent |
| 314 | struct sockaddr *sa; | 314 | struct sockaddr *sa; |
| 315 | socklen_t salen; | 315 | socklen_t salen; |