[krbdev.mit.edu #8809] [Comment] Do not call getaddrinfo() with invalid hostnames
Greg Hudson via RT
rt-comment at KRBDEV-PROD-APP-1.mit.edu
Tue Mar 31 15:55:05 EDT 2020
https://krbdev.mit.edu/rt/Ticket/Display.html?id=8809
This is a comment. It is not sent to the Requestor(s):
Jeff encountered a mail delivery issue updating the ticket; here is his
response:
RFC 2743 Section 4.1 states that the second component will be treated as
a hostname regardless of whether or not a DNS lookup succeeds.
"When a reference to a name of this type is resolved, the 'hostname'
may (as an example implementation strategy) be canonicalized by
attempting a DNS lookup and using the fully-qualified domain name
which is returned, or by using the 'hostname' as provided if the DNS
lookup fails. The canonicalization operation also maps the host's
name into lower-case characters."
In the case of a name which begins with a leading underscore the DNS
lookup is guaranteed to fail. I will call out two items in the above
paragraph:
1. Canonicalization by attempting a DNS lookup is optional.
2. If the optional DNS lookup fails, the 'hostname' will be used
as provided.
What I have pointed out in this ticket is that a getaddrinfo() query
will always fail for a name beginning with a leading underscore and that
the failure might take a long time. Therefore, there is no benefit to
issuing the query and the canonicalization step described in Section 4.1
should be skipped.
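
The behaviour argued for in this message, as an added example (not code from the ticket or from MIT krb5): canonicalization falls back to the lower-cased hostname as provided, and the lookup is not attempted at all for a leading underscore. The names skip_lookup and canon_hostname and the sample hostname are hypothetical, and skipping the empty string is an assumption beyond the ticket.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200112L   /* getaddrinfo() under strict -std modes */
#endif
#include <ctype.h>
#include <netdb.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>

/* Hypothetical helper: nonzero when the lookup should not be issued.
 * The leading-underscore case is from the ticket; "" is an assumption. */
static int skip_lookup(const char *host)
{
    return host[0] == '\0' || host[0] == '_';
}

/* Hypothetical helper: write the canonical, lower-cased name into out.
 * Returns 1 if DNS supplied the name, 0 if host was used as provided,
 * -1 if out is too small (out is then left untouched). */
int canon_hostname(const char *host, char *out, size_t outlen)
{
    struct addrinfo hints, *ai = NULL;
    const char *name = host;
    size_t i, len;
    int from_dns = 0;

    if (!skip_lookup(host)) {
        memset(&hints, 0, sizeof(hints));
        hints.ai_flags = AI_CANONNAME;
        hints.ai_socktype = SOCK_STREAM;
        if (getaddrinfo(host, NULL, &hints, &ai) != 0) {
            ai = NULL;                /* lookup failed: keep host as provided */
        } else if (ai->ai_canonname != NULL) {
            name = ai->ai_canonname;
            from_dns = 1;
        }
    }
    len = strlen(name);
    if (len < outlen)
        for (i = 0; i <= len; i++)    /* copies the terminating NUL too */
            out[i] = (char)tolower((unsigned char)name[i]);
    if (ai != NULL)
        freeaddrinfo(ai);
    return len < outlen ? from_dns : -1;
}

int main(void)
{
    char buf[256];
    int r = canon_hostname("_Example-Host", buf, sizeof(buf)); /* constructed */
    printf("from_dns=%d name=%s\n", r, buf);
    return 0;
}
```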