From 3dfb08139be6f1d64fe6b2d9cacb6ab24548e6f4 Mon Sep 17 00:00:00 2001
From: itojun <>
Date: Thu, 28 Aug 2003 01:42:18 +0000
Subject: add CAVEATS section

---
 src/lib/libc/net/getnameinfo.3 | 56 +++++++++++++++++++++++++++++++++++++++++-
 1 file changed, 55 insertions(+), 1 deletion(-)

diff --git a/src/lib/libc/net/getnameinfo.3 b/src/lib/libc/net/getnameinfo.3
index 03b6149e01..00c70bdb7a 100644
--- a/src/lib/libc/net/getnameinfo.3
+++ b/src/lib/libc/net/getnameinfo.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: getnameinfo.3,v 1.22 2003/08/08 09:26:02 jmc Exp $
+.\" $OpenBSD: getnameinfo.3,v 1.23 2003/08/28 01:42:18 itojun Exp $
 .\" $KAME: getnameinfo.3,v 1.20 2001/01/05 13:37:37 itojun Exp $
 .\"
 .\" Copyright (c) 1983, 1987, 1991, 1993
@@ -282,6 +282,60 @@ and documented in
 .Sh HISTORY
 The implementation first appeared in WIDE Hydrangea IPv6 protocol stack kit.
 .\"
+.Sh CAVEATS
+.Nm
+returns both numeric and FQDN notation of the address specified in
+.Fa sa .
+There is no return value that indicates if the string returned in
+.Fa host
+is a result of binary to numeric-text translation (like
+.Xr inet_ntop 3
+), or the result of DNS reverse lookup.
+Therefore, malicious parties could set up PTR record like below:
+.Bd -literal -offset indent
+1.0.0.127.in-addr.arpa. IN PTR 10.1.1.1
+.Ed
+.Pp
+and trick the caller of
+.Nm
+to believe that
+.Fa sa
+is
+.Li 10.1.1.1
+when it actually is
+.Li 127.0.0.1 .
+.Pp
+To prevent such attacks, the use of
+.Li NI_NAMEREQD
+like below is recommended when you use the result of
+.Nm
+for access control purposes.
+.Bd -literal -offset indent
+struct sockaddr *sa;
+socklen_t salen;
+char addr[NI_MAXHOST];
+struct addrinfo hints, *res;
+
+error = getnameinfo(sa, salen, addr, sizeof(addr),
+ NULL, 0, NI_NAMEREQD);
+if (error == 0) {
+ memset(&hints, 0, sizeof(hints));
+ hints.ai_socktype = SOCK_DGRAM; /*dummy*/
+ hints.ai_flags = AI_NUMERICHOST;
+ if (getaddrinfo(addr, "0", &hints, &res) == 0) {
+ /* malicious PTR record */
+ freeaddrinfo(res);
+ printf("bogus PTR record\\n");
+ return -1;
+ }
+ /* addr is FQDN as a result of PTR lookup */
+} else {
+ /* addr is numeric string */
+ error = getnameinfo(sa, salen, addr, sizeof(addr),
+ NULL, 0, 0);
+}
+.Ed
+.\"
 .Sh BUGS
 The current implementation is not thread-safe.
 .Pp
-- 
cgit v1.2.3-55-g6feb