From f3d945d5f2b9d7d44032c461af588c6d54f5664b Mon Sep 17 00:00:00 2001 From: Alexandre Oliva Date: Sun, 9 Nov 2014 13:51:09 -0200 Subject: [PATCH] BZ#16469: don't drop trailing dot in res_nquerydomain(..., name, NULL, ...) If we drop it here, we will fail to detect a duplicate trailing dot later on. Retaining, OTOH, has no ill effects whatsoever, and it even saves us the trouble of copying the domain name minus the trailing dot, like we used to do. for ChangeLog [BZ #16469] * NEWS: Update. * resolv/res_query.c (__libc_res_nquerydomain): Retain trailing dot. * posix/tst-getaddrinfo5.c: New. * posix/Makefile (tests): Add it. --- ChangeLog | 9 +++++++ NEWS | 8 +++--- posix/Makefile | 2 +- posix/tst-getaddrinfo5.c | 69 ++++++++++++++++++++++++++++++++++++++++++++++++ resolv/res_query.c | 13 ++------- 5 files changed, 85 insertions(+), 16 deletions(-) create mode 100644 posix/tst-getaddrinfo5.c diff --git a/ChangeLog b/ChangeLog index 785189dd8e..650d11892d 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,5 +1,14 @@ 2014-11-21 Alexandre Oliva + [BZ #16469] + * NEWS: Update. + * resolv/res_query.c (__libc_res_nquerydomain): Retain + trailing dot. + * posix/tst-getaddrinfo5.c: New. + * posix/Makefile (tests): Add it. + +2014-11-21 Alexandre Oliva + [BZ #14498] * NEWS: Fixed. * nss/nss_db/db-XXX.c (_nss_db_get##name##_r): Update hidx diff --git a/NEWS b/NEWS index 5ba3f1bc09..ad170c49c5 100644 --- a/NEWS +++ b/NEWS @@ -9,10 +9,10 @@ Version 2.21 * The following bugs are resolved with this release: - 6652, 12926, 14132, 14138, 14171, 14498, 15215, 15884, 17266, 17344, - 17363, 17370, 17371, 17411, 17460, 17475, 17485, 17501, 17506, 17508, - 17522, 17555, 17570, 17571, 17572, 17573, 17574, 17582, 17583, 17584, - 17585, 17589, 17594, 17616, 17625. + 6652, 12926, 14132, 14138, 14171, 14498, 15215, 15884, 16469, 17266, + 17344, 17363, 17370, 17371, 17411, 17460, 17475, 17485, 17501, 17506, + 17508, 17522, 17555, 17570, 17571, 17572, 17573, 17574, 17582, 17583, + 17584, 17585, 17589, 17594, 17616, 17625. * CVE-2104-7817 The wordexp function could ignore the WRDE_NOCMD flag under certain input conditions resulting in the execution of a shell for diff --git a/posix/Makefile b/posix/Makefile index e6b69b4245..faefaf1ed2 100644 --- a/posix/Makefile +++ b/posix/Makefile @@ -87,7 +87,7 @@ tests := tstgetopt testfnm runtests runptests \ bug-getopt1 bug-getopt2 bug-getopt3 bug-getopt4 \ bug-getopt5 tst-getopt_long1 bug-regex34 bug-regex35 \ tst-pathconf tst-getaddrinfo4 tst-rxspencer-no-utf8 \ - tst-fnmatch3 bug-regex36 + tst-fnmatch3 bug-regex36 tst-getaddrinfo5 xtests := bug-ga2 ifeq (yes,$(build-shared)) test-srcs := globtest diff --git a/posix/tst-getaddrinfo5.c b/posix/tst-getaddrinfo5.c new file mode 100644 index 0000000000..cfebb9b9ce --- /dev/null +++ b/posix/tst-getaddrinfo5.c @@ -0,0 +1,69 @@ +/* Test host lookup with double dots at the end, [BZ #16469]. + Copyright (C) 2014 Free Software Foundation, Inc. + This file is part of the GNU C Library. + + The GNU C Library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + The GNU C Library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with the GNU C Library; if not, see + . */ + +#include +#include +#include +#include + +static int +test (void) +{ + static char host1[] = "localhost.."; + static char host2[] = "www.gnu.org.."; + static char *hosts[] = { host1, host2 }; + int i; + int pass = 0; + + for (i = 0; i < sizeof (hosts) / sizeof (*hosts); i++) + { + char *host = hosts[i]; + size_t len = strlen (host); + struct addrinfo *ai; + + /* If the name doesn't resolve with a single dot at the + end, skip it. */ + host[len-1] = 0; + if (getaddrinfo (host, NULL, NULL, &ai) != 0) + { + printf ("resolving \"%s\" failed, skipping this hostname\n", host); + continue; + } + printf ("resolving \"%s\" worked, proceeding to test\n", host); + freeaddrinfo (ai); + + /* If it resolved with a single dot, check that it doesn't with + a second trailing dot. */ + host[len-1] = '.'; + if (getaddrinfo (host, NULL, NULL, &ai) == 0) + { + printf ("resolving \"%s\" worked, test failed\n", host); + return 1; + } + printf ("resolving \"%s\" failed, test passed\n", host); + pass = 1; + } + + /* We want at least one successful name resolution for the test to + succeed. */ + return pass ? 0 : 2; +} + +#define TEST_FUNCTION test () +#define TIMEOUT 10 +#include "../test-skeleton.c" diff --git a/resolv/res_query.c b/resolv/res_query.c index e4ee2a6005..33eeeb70da 100644 --- a/resolv/res_query.c +++ b/resolv/res_query.c @@ -535,8 +535,7 @@ res_nsearch(res_state statp, libresolv_hidden_def (res_nsearch) /* - * Perform a call on res_query on the concatenation of name and domain, - * removing a trailing dot from name if domain is NULL. + * Perform a call on res_query on the concatenation of name and domain. */ static int __libc_res_nquerydomain(res_state statp, @@ -561,10 +560,6 @@ __libc_res_nquerydomain(res_state statp, name, domain?domain:"", class, type); #endif if (domain == NULL) { - /* - * Check for trailing '.'; - * copy without '.' if present. - */ n = strlen(name); /* Decrement N prior to checking it against MAXDNAME @@ -575,11 +570,7 @@ __libc_res_nquerydomain(res_state statp, RES_SET_H_ERRNO(statp, NO_RECOVERY); return (-1); } - if (name[n] == '.') { - strncpy(nbuf, name, n); - nbuf[n] = '\0'; - } else - longname = name; + longname = name; } else { n = strlen(name); d = strlen(domain); -- 2.11.4.GIT