From 3dfb08139be6f1d64fe6b2d9cacb6ab24548e6f4 Mon Sep 17 00:00:00 2001
From: itojun <>
Date: Thu, 28 Aug 2003 01:42:18 +0000
Subject: add CAVEATS section

---
 src/lib/libc/net/getnameinfo.3 | 56 +++++++++++++++++++++++++++++++++++++++++-
 1 file changed, 55 insertions(+), 1 deletion(-)


diff --git a/src/lib/libc/net/getnameinfo.3 b/src/lib/libc/net/getnameinfo.3
index 03b6149e01..00c70bdb7a 100644
--- a/src/lib/libc/net/getnameinfo.3
+++ b/src/lib/libc/net/getnameinfo.3
@@ -1,4 +1,4 @@
-.\"	$OpenBSD: getnameinfo.3,v 1.22 2003/08/08 09:26:02 jmc Exp $
+.\"	$OpenBSD: getnameinfo.3,v 1.23 2003/08/28 01:42:18 itojun Exp $
 .\"	$KAME: getnameinfo.3,v 1.20 2001/01/05 13:37:37 itojun Exp $
 .\"
 .\" Copyright (c) 1983, 1987, 1991, 1993
@@ -282,6 +282,60 @@ and documented in
 .Sh HISTORY
 The implementation first appeared in WIDE Hydrangea IPv6 protocol stack kit.
 .\"
+.Sh CAVEATS
+.Nm
+returns both numeric and FQDN notation of the address specified in
+.Fa sa .
+There is no return value that indicates if the string returned in
+.Fa host
+is a result of binary to numeric-text translation (like
+.Xr inet_ntop 3
+), or the result of DNS reverse lookup.
+Therefore, malicious parties could set up PTR record like below:
+.Bd -literal -offset indent
+1.0.0.127.in-addr.arpa. IN PTR  10.1.1.1
+.Ed
+.Pp
+and trick the caller of
+.Nm
+to believe that
+.Fa sa
+is
+.Li 10.1.1.1
+when it actually is
+.Li 127.0.0.1 .
+.Pp
+To prevent such attacks, the use of 
+.Li NI_NAMEREQD
+like below is recommended when you use the result of
+.Nm
+for access control purposes.
+.Bd -literal -offset indent
+struct sockaddr *sa;
+socklen_t salen;
+char addr[NI_MAXHOST];
+struct addrinfo hints, *res;
+
+error = getnameinfo(sa, salen, addr, sizeof(addr),
+    NULL, 0, NI_NAMEREQD);
+if (error == 0) {
+	memset(&hints, 0, sizeof(hints));
+	hints.ai_socktype = SOCK_DGRAM;	/*dummy*/
+	hints.ai_flags = AI_NUMERICHOST;
+	if (getaddrinfo(addr, "0", &hints, &res) == 0) {
+		/* malicious PTR record */
+		freeaddrinfo(res);
+		printf("bogus PTR record\\n");
+		return -1;
+	}
+	/* addr is FQDN as a result of PTR lookup */
+} else {
+	/* addr is numeric string */
+	error = getnameinfo(sa, salen, addr, sizeof(addr),
+	    NULL, 0, 0);
+}
+.Ed
+.\"
 .Sh BUGS
 The current implementation is not thread-safe.
 .Pp
-- 