Resolver Issues (non valid hostname characters)
Mark.Andrews at isc.org
Wed Mar 26 05:23:35 PST 2003
> On Tuesday, March 25, 2003, at 09:53 PM, Mark.Andrews at isc.org wrote:
>
> > The current implementation fits this. It handles (accepts)
> > garbage in and only returns (generates) clean responses to
> > the application.
> >
>
> Which I would say is not the intention of what being 'generous on what
> you accept' to mean. IMHO, the maxim is to stop exactly what is
> happening. We are being restrictive on what we return to the
> application so things are breaking. I can't change the remote end so
> communication does not flow. From my perspective, you are advocating
> being restrictive on what you will accept and what you will send.

This is a security matter. Sendmail was compromised due to
lack of checking the results returned by gethostbyaddr().
get*by*() and get*info() enforce RFC 952 so that every
application written doesn't have to validate the results
returned. Allowing underscore (or IHN) is an API change
and will potentially break applications that correctly
depend upon get*by*() and get*info() filtering out the
garbage.

If you want to be liberal in what you accept, bypass
get*by*() and get*info() and call the resolver directly.

> > If the resolver died receiving underscore you would have something
> > to complain about. Currently it just filters out ALL illegal
> > responses.
>
> I can't talk to some hosts on the internet because FreeBSD will not
> resolve the host name which over 99% of the hosts on the Internet will.
> I guess that just doesn't matter.

If the name contains an underscore it is not a hostname by
definition. Nothing stops you talking to the DNS directly
and entering IP literals.

Mark
> DaveD
--
Mark Andrews, Internet Software Consortium
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: Mark.Andrews at isc.org
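
The kind of hostname-syntax filtering the message above says get*by*() and get*info() perform, as an added example that is not part of the original post and is not the resolver's own code. The function name `hostname_ok` is hypothetical, and the sketch assumes the RFC 952 rule as relaxed by RFC 1123 (a label may begin with a digit) plus the usual 63-octet label and 253-character name limits.

```c
#include <stddef.h>
#include <string.h>

/* ASCII letter or digit, independent of the process locale. */
static int ldh_alnum(unsigned char c)
{
    return (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') ||
           (c >= '0' && c <= '9');
}

/*
 * hostname_ok (hypothetical name): return 1 if name is syntactically a
 * hostname (letters, digits, hyphen, dot-separated labels), else 0.
 * An application calling the resolver directly would apply a check
 * like this before trusting a name taken from a DNS answer.
 */
int hostname_ok(const char *name)
{
    size_t len, i, label_len = 0;

    if (name == NULL)
        return 0;
    len = strlen(name);
    if (len > 0 && name[len - 1] == '.')    /* permit one trailing dot */
        len--;
    if (len == 0 || len > 253)
        return 0;

    for (i = 0; i < len; i++) {
        unsigned char c = (unsigned char)name[i];

        if (c == '.') {
            /* reject an empty label or a label ending in '-' */
            if (label_len == 0 || name[i - 1] == '-')
                return 0;
            label_len = 0;
            continue;
        }
        if (c == '-') {
            if (label_len == 0)             /* label may not start with '-' */
                return 0;
        } else if (!ldh_alnum(c)) {
            return 0;   /* underscore, whitespace, control bytes, ... */
        }
        if (++label_len > 63)
            return 0;
    }
    /* final label must be non-empty and must not end with '-' */
    return label_len != 0 && name[len - 1] != '-';
}
```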