Diffstat (limited to 'src/lib/libc')
| -rw-r--r-- | src/lib/libc/net/getnameinfo.3 | 20 | 
1 files changed, 10 insertions, 10 deletions
| diff --git a/src/lib/libc/net/getnameinfo.3 b/src/lib/libc/net/getnameinfo.3 index d99d98f50d..3b3a0fd290 100644 --- a/src/lib/libc/net/getnameinfo.3 +++ b/src/lib/libc/net/getnameinfo.3 | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | .\" $OpenBSD: getnameinfo.3,v 1.26 2003/08/28 09:47:47 itojun Exp $ | 1 | .\" $OpenBSD: getnameinfo.3,v 1.27 2003/08/28 10:16:38 jmc Exp $ | 
| 2 | .\" $KAME: getnameinfo.3,v 1.20 2001/01/05 13:37:37 itojun Exp $ | 2 | .\" $KAME: getnameinfo.3,v 1.20 2001/01/05 13:37:37 itojun Exp $ | 
| 3 | .\" | 3 | .\" | 
| 4 | .\" Copyright (c) 1983, 1987, 1991, 1993 | 4 | .\" Copyright (c) 1983, 1987, 1991, 1993 | 
| @@ -283,22 +283,22 @@ and documented in | |||
| 283 | The implementation first appeared in WIDE Hydrangea IPv6 protocol stack kit. | 283 | The implementation first appeared in WIDE Hydrangea IPv6 protocol stack kit. | 
| 284 | .\" | 284 | .\" | 
| 285 | .Sh CAVEATS | 285 | .Sh CAVEATS | 
| 286 | .Nm | 286 | .Fn getnameinfo | 
| 287 | returns both numeric and FQDN notation of the address specified in | 287 | returns both numeric and FQDN notation of the address specified in | 
| 288 | .Fa sa . | 288 | .Fa sa . | 
| 289 | There is no return value that indicates if the string returned in | 289 | There is no return value that indicates if the string returned in | 
| 290 | .Fa host | 290 | .Fa host | 
| 291 | is a result of binary to numeric-text translation (like | 291 | is a result of binary to numeric-text translation (like | 
| 292 | .Xr inet_ntop 3) , | 292 | .Xr inet_ntop 3 ) , | 
| 293 | or the result of DNS reverse lookup. | 293 | or the result of DNS reverse lookup. | 
| 294 | Therefore, malicious parties could set up PTR record like below: | 294 | Therefore, malicious parties could set up a PTR record as below: | 
| 295 | .Bd -literal -offset indent | 295 | .Bd -literal -offset indent | 
| 296 | 1.0.0.127.in-addr.arpa. IN PTR 10.1.1.1 | 296 | 1.0.0.127.in-addr.arpa. IN PTR 10.1.1.1 | 
| 297 | .Ed | 297 | .Ed | 
| 298 | .Pp | 298 | .Pp | 
| 299 | and trick the caller of | 299 | and trick the caller of | 
| 300 | .Nm | 300 | .Fn getnameinfo | 
| 301 | to believe that | 301 | into believing that | 
| 302 | .Fa sa | 302 | .Fa sa | 
| 303 | is | 303 | is | 
| 304 | .Li 10.1.1.1 | 304 | .Li 10.1.1.1 | 
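Review bot: The opening CAVEATS sentence, left as context directly under the new ".Fn getnameinfo", still says the function "returns both numeric and FQDN notation", which reads as if both forms come back from one call. Since this pass is already cleaning up the wording of the paragraph, consider "can return either numeric or FQDN notation", which is what the next sentence (no way to tell which one ended up in host) depends on. In the literal PTR example, the target "10.1.1.1" has no trailing dot while the owner name does; a one-line remark that the target is a hostname made to look like an address would make the example easier to follow.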
| @@ -306,10 +306,10 @@ when it actually is | |||
| 306 | .Li 127.0.0.1 . | 306 | .Li 127.0.0.1 . | 
| 307 | .Pp | 307 | .Pp | 
| 308 | To prevent such attacks, the use of | 308 | To prevent such attacks, the use of | 
| 309 | .Li NI_NAMEREQD | 309 | .Dv NI_NAMEREQD | 
| 310 | like below is recommended when you use the result of | 310 | is recommended when you use the result of | 
| 311 | .Nm | 311 | .Fn getnameinfo | 
| 312 | for access control purposes. | 312 | for access control purposes: | 
| 313 | .Bd -literal -offset indent | 313 | .Bd -literal -offset indent | 
| 314 | struct sockaddr *sa; | 314 | struct sockaddr *sa; | 
| 315 | socklen_t salen; | 315 | socklen_t salen; | 
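Review bot: The reworded sentence "the use of NI_NAMEREQD is recommended ... for access control purposes:" still credits the flag alone with preventing the attack. NI_NAMEREQD only makes the call fail when no name can be found. The PTR target shown in the CAVEATS example is a name returned by DNS that happens to look like an address, so the flag by itself does not reject it. The prose should state that the caller must also confirm the returned host string does not parse as a numeric address before using it for access control, so a reader who takes away only the sentence and not the example that follows is not misled.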
