NetBSD Problem Report #52837

From www@NetBSD.org  Sun Dec 17 15:05:36 2017
Return-Path: <www@NetBSD.org>
Received: from mail.netbsd.org (mail.netbsd.org [199.233.217.200])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(Client CN "mail.NetBSD.org", Issuer "mail.NetBSD.org CA" (not verified))
	by mollari.NetBSD.org (Postfix) with ESMTPS id 802267A180
	for <gnats-bugs@gnats.NetBSD.org>; Sun, 17 Dec 2017 15:05:36 +0000 (UTC)
Message-Id: <20171217150535.895FE7A1D8@mollari.NetBSD.org>
Date: Sun, 17 Dec 2017 15:05:35 +0000 (UTC)
From: netbsd-bugs@michael-kaufmann.ch
Reply-To: netbsd-bugs@michael-kaufmann.ch
To: gnats-bugs@NetBSD.org
Subject: getaddrinfo() resolves "127.0.0.1 www.example.com" to 127.0.0.1
X-Send-Pr-Version: www-1.0

>Number:         52837
>Category:       standards
>Synopsis:       getaddrinfo() resolves "127.0.0.1 www.example.com" to 127.0.0.1
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    standards-manager
>State:          closed
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Sun Dec 17 15:10:00 +0000 2017
>Closed-Date:    Sat Oct 06 12:42:03 +0000 2018
>Last-Modified:  Sat Oct 06 12:42:03 +0000 2018
>Originator:     Michael Kaufmann
>Release:        NetBSD-current
>Organization:
>Environment:
NetBSD cubieboard 7.99.71 NetBSD 7.99.71 (CUBIEBOARD) #0: Sat May  6 00:13:25 UTC 2017  mkrepro@mkrepro.NetBSD.org:/usr/src/sys/arch/evbarm/compile/CUBIEBOARD evbarm
>Description:
getaddrinfo() uses inet_aton(), which ignores trailing spaces after numerical IP addresses. This means that getaddrinfo() resolves the hostname "127.0.0.1 www.example.com" to the IP address 127.0.0.1.

This bug is also present in some other operating systems, please see https://github.com/curl/curl/pull/2073
>How-To-Repeat:
Example program that shows the problem:

#include <sys/types.h>
#include <sys/socket.h>
#include <netdb.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

int main() {
  struct addrinfo hints, *infoptr, *p;
  char host[256];
  int result;

  memset(&hints, '\0', sizeof(hints));
  hints.ai_family = AF_INET;
  hints.ai_socktype = SOCK_STREAM;

  result = getaddrinfo("127.0.0.1 www.example.com", "443", &hints, &infoptr);
  if (result) {
    fprintf(stderr, "getaddrinfo: %s\n", gai_strerror(result));
    exit(1);
  }

  for(p = infoptr; p != NULL; p = p->ai_next) {
    getnameinfo(p->ai_addr, p->ai_addrlen, host, sizeof(host), NULL, 0, NI_NUMERICHOST);
    puts(host);
  }

  freeaddrinfo(infoptr);
  return 0;
}

>Fix:

>Release-Note:

>Audit-Trail:
From: Michael Kaufmann <mail@michael-kaufmann.ch>
To: gnats-bugs@netbsd.org
Cc: netbsd-bugs@michael-kaufmann.ch
Subject: Re: standards/52837: getaddrinfo() resolves "127.0.0.1
 www.example.com" to 127.0.0.1
Date: Thu, 28 Dec 2017 13:30:48 +0100

 This bug has been fixed in FreeBSD, please see  
 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=224403

 Maybe NetBSD can use the same bugfix?

From: "Christos Zoulas" <christos@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc: 
Subject: PR/52837 CVS commit: src/lib/libc/net
Date: Thu, 28 Dec 2017 10:12:16 -0500

 Module Name:	src
 Committed By:	christos
 Date:		Thu Dec 28 15:12:16 UTC 2017

 Modified Files:
 	src/lib/libc/net: getaddrinfo.c

 Log Message:
 PR/52837: Michael Kaufmann: getaddrinfo() resolves "127.0.0.1 www.example.com"
 to 127.0.0.1. Apply the patch from FreeBSD and explain the rationale.


 To generate a diff of this commit:
 cvs rdiff -u -r1.116 -r1.117 src/lib/libc/net/getaddrinfo.c

 Please note that diffs are not public domain; they are subject to the
 copyright notices on the relevant files.

State-Changed-From-To: open->feedback
State-Changed-By: maya@NetBSD.org
State-Changed-When: Mon, 04 Jun 2018 11:35:06 +0000
State-Changed-Why:
Is this OK now?
(Do you want it pulled up?)


From: Michael Kaufmann <mail@michael-kaufmann.ch>
To: gnats-bugs@netbsd.org
Cc: 
Subject: Re: standards/52837 (getaddrinfo() resolves "127.0.0.1
 www.example.com" to 127.0.0.1)
Date: Tue, 05 Jun 2018 23:31:03 +0200

 It's OK, thanks!

 A pullup to 8.0 would be nice, but I don't know whether this issue is  
 important enough. Maybe it is, because the FreeBSD developers have  
 applied the patch to their stable branches.

From: Michael Kaufmann <mail@michael-kaufmann.ch>
To: gnats-bugs@gnats.netbsd.org
Cc: 
Subject: Re: standards/52837
Date: Sat, 06 Oct 2018 13:12:06 +0200

 Please close this PR and stop sending me emails about it!

State-Changed-From-To: feedback->closed
State-Changed-By: martin@NetBSD.org
State-Changed-When: Sat, 06 Oct 2018 12:42:03 +0000
State-Changed-Why:
Confirmed fixed, thanks for the report!


>Unformatted:

Home	PR Database Search