resolve: fix reverse lookups of client connections with ConnectIPv6=no
We re-use the same helper function for both forward lookups (when we want to connect to a peer server) and for validation of reverse loopups (where we make a lookup on the hostname returned by a reverse lookup on the IP address that connected). Problem: When ConnectIPv6=no, the forward lookup helper sets the adderss family to AF_INET, and, if out client connected via ipv6, we fail to validate the result. Thus move the ConnectIPvX check out of the helper.
This commit is contained in:
parent
67a9d994e3
commit
e4e1595bff
|
@ -236,7 +236,7 @@ ReverseLookup(const ng_ipaddr_t *IpAddr, char *resbuf, size_t reslen)
|
||||||
* @return true if lookup successful, false if domain name not found
|
* @return true if lookup successful, false if domain name not found
|
||||||
*/
|
*/
|
||||||
static bool
|
static bool
|
||||||
ForwardLookup(const char *hostname, array *IpAddr)
|
ForwardLookup(const char *hostname, array *IpAddr, int af)
|
||||||
{
|
{
|
||||||
ng_ipaddr_t addr;
|
ng_ipaddr_t addr;
|
||||||
|
|
||||||
|
@ -245,23 +245,13 @@ ForwardLookup(const char *hostname, array *IpAddr)
|
||||||
struct addrinfo *a, *ai_results;
|
struct addrinfo *a, *ai_results;
|
||||||
static struct addrinfo hints;
|
static struct addrinfo hints;
|
||||||
|
|
||||||
#ifndef WANT_IPV6
|
|
||||||
hints.ai_family = AF_INET;
|
|
||||||
#endif
|
|
||||||
#ifdef AI_ADDRCONFIG /* glibc has this, but not e.g. netbsd 4.0 */
|
#ifdef AI_ADDRCONFIG /* glibc has this, but not e.g. netbsd 4.0 */
|
||||||
hints.ai_flags = AI_ADDRCONFIG;
|
hints.ai_flags = AI_ADDRCONFIG;
|
||||||
#endif
|
#endif
|
||||||
hints.ai_socktype = SOCK_STREAM;
|
hints.ai_socktype = SOCK_STREAM;
|
||||||
hints.ai_protocol = IPPROTO_TCP;
|
hints.ai_protocol = IPPROTO_TCP;
|
||||||
|
hints.ai_family = af;
|
||||||
|
|
||||||
#ifdef WANT_IPV6
|
|
||||||
assert(Conf_ConnectIPv6 || Conf_ConnectIPv4);
|
|
||||||
|
|
||||||
if (!Conf_ConnectIPv6)
|
|
||||||
hints.ai_family = AF_INET;
|
|
||||||
if (!Conf_ConnectIPv4)
|
|
||||||
hints.ai_family = AF_INET6;
|
|
||||||
#endif
|
|
||||||
memset(&addr, 0, sizeof(addr));
|
memset(&addr, 0, sizeof(addr));
|
||||||
|
|
||||||
res = getaddrinfo(hostname, NULL, &hints, &ai_results);
|
res = getaddrinfo(hostname, NULL, &hints, &ai_results);
|
||||||
|
@ -390,7 +380,7 @@ Do_ResolveAddr(const ng_ipaddr_t *Addr, int identsock, int w_fd)
|
||||||
if (!ReverseLookup(Addr, hostname, sizeof(hostname)))
|
if (!ReverseLookup(Addr, hostname, sizeof(hostname)))
|
||||||
goto dns_done;
|
goto dns_done;
|
||||||
|
|
||||||
if (ForwardLookup(hostname, &resolved_addr)) {
|
if (ForwardLookup(hostname, &resolved_addr, AF_UNSPEC)) {
|
||||||
if (!Addr_in_list(&resolved_addr, Addr)) {
|
if (!Addr_in_list(&resolved_addr, Addr)) {
|
||||||
Log_Forgery_WrongIP(tmp_ip_str, hostname);
|
Log_Forgery_WrongIP(tmp_ip_str, hostname);
|
||||||
strlcpy(hostname, tmp_ip_str, sizeof(hostname));
|
strlcpy(hostname, tmp_ip_str, sizeof(hostname));
|
||||||
|
@ -427,6 +417,7 @@ Do_ResolveName( const char *Host, int w_fd )
|
||||||
/* Resolver sub-process: resolve name and write result into pipe
|
/* Resolver sub-process: resolve name and write result into pipe
|
||||||
* to parent. */
|
* to parent. */
|
||||||
array IpAddrs;
|
array IpAddrs;
|
||||||
|
int af;
|
||||||
#ifdef DEBUG
|
#ifdef DEBUG
|
||||||
ng_ipaddr_t *addr;
|
ng_ipaddr_t *addr;
|
||||||
size_t len;
|
size_t len;
|
||||||
|
@ -434,8 +425,19 @@ Do_ResolveName( const char *Host, int w_fd )
|
||||||
Log_Subprocess(LOG_DEBUG, "Now resolving \"%s\" ...", Host);
|
Log_Subprocess(LOG_DEBUG, "Now resolving \"%s\" ...", Host);
|
||||||
|
|
||||||
array_init(&IpAddrs);
|
array_init(&IpAddrs);
|
||||||
/* Resolve hostname */
|
|
||||||
if (!ForwardLookup(Host, &IpAddrs)) {
|
#ifdef WANT_IPV6
|
||||||
|
af = AF_UNSPEC;
|
||||||
|
assert(Conf_ConnectIPv6 || Conf_ConnectIPv4);
|
||||||
|
|
||||||
|
if (!Conf_ConnectIPv6)
|
||||||
|
af = AF_INET;
|
||||||
|
if (!Conf_ConnectIPv4)
|
||||||
|
af = AF_INET6;
|
||||||
|
#else
|
||||||
|
af = AF_INET;
|
||||||
|
#endif
|
||||||
|
if (!ForwardLookup(Host, &IpAddrs, af)) {
|
||||||
close(w_fd);
|
close(w_fd);
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in New Issue