resolve: fix reverse lookups of client connections with ConnectIPv6=no

We re-use the same helper function for both forward lookups
(when we want to connect to a peer server) and for validation of reverse
loopups (where we make a lookup on the hostname returned
by a reverse lookup on the IP address that connected).

Problem:

When ConnectIPv6=no, the forward lookup helper sets the adderss family
to AF_INET, and, if out client connected via ipv6, we fail to validate
the result.

Thus move the ConnectIPvX check out of the helper.
This commit is contained in:
Florian Westphal 2011-04-25 18:00:10 +02:00
parent 67a9d994e3
commit e4e1595bff
1 changed files with 17 additions and 15 deletions

View File

@ -236,7 +236,7 @@ ReverseLookup(const ng_ipaddr_t *IpAddr, char *resbuf, size_t reslen)
* @return true if lookup successful, false if domain name not found * @return true if lookup successful, false if domain name not found
*/ */
static bool static bool
ForwardLookup(const char *hostname, array *IpAddr) ForwardLookup(const char *hostname, array *IpAddr, int af)
{ {
ng_ipaddr_t addr; ng_ipaddr_t addr;
@ -245,23 +245,13 @@ ForwardLookup(const char *hostname, array *IpAddr)
struct addrinfo *a, *ai_results; struct addrinfo *a, *ai_results;
static struct addrinfo hints; static struct addrinfo hints;
#ifndef WANT_IPV6
hints.ai_family = AF_INET;
#endif
#ifdef AI_ADDRCONFIG /* glibc has this, but not e.g. netbsd 4.0 */ #ifdef AI_ADDRCONFIG /* glibc has this, but not e.g. netbsd 4.0 */
hints.ai_flags = AI_ADDRCONFIG; hints.ai_flags = AI_ADDRCONFIG;
#endif #endif
hints.ai_socktype = SOCK_STREAM; hints.ai_socktype = SOCK_STREAM;
hints.ai_protocol = IPPROTO_TCP; hints.ai_protocol = IPPROTO_TCP;
hints.ai_family = af;
#ifdef WANT_IPV6
assert(Conf_ConnectIPv6 || Conf_ConnectIPv4);
if (!Conf_ConnectIPv6)
hints.ai_family = AF_INET;
if (!Conf_ConnectIPv4)
hints.ai_family = AF_INET6;
#endif
memset(&addr, 0, sizeof(addr)); memset(&addr, 0, sizeof(addr));
res = getaddrinfo(hostname, NULL, &hints, &ai_results); res = getaddrinfo(hostname, NULL, &hints, &ai_results);
@ -390,7 +380,7 @@ Do_ResolveAddr(const ng_ipaddr_t *Addr, int identsock, int w_fd)
if (!ReverseLookup(Addr, hostname, sizeof(hostname))) if (!ReverseLookup(Addr, hostname, sizeof(hostname)))
goto dns_done; goto dns_done;
if (ForwardLookup(hostname, &resolved_addr)) { if (ForwardLookup(hostname, &resolved_addr, AF_UNSPEC)) {
if (!Addr_in_list(&resolved_addr, Addr)) { if (!Addr_in_list(&resolved_addr, Addr)) {
Log_Forgery_WrongIP(tmp_ip_str, hostname); Log_Forgery_WrongIP(tmp_ip_str, hostname);
strlcpy(hostname, tmp_ip_str, sizeof(hostname)); strlcpy(hostname, tmp_ip_str, sizeof(hostname));
@ -427,6 +417,7 @@ Do_ResolveName( const char *Host, int w_fd )
/* Resolver sub-process: resolve name and write result into pipe /* Resolver sub-process: resolve name and write result into pipe
* to parent. */ * to parent. */
array IpAddrs; array IpAddrs;
int af;
#ifdef DEBUG #ifdef DEBUG
ng_ipaddr_t *addr; ng_ipaddr_t *addr;
size_t len; size_t len;
@ -434,8 +425,19 @@ Do_ResolveName( const char *Host, int w_fd )
Log_Subprocess(LOG_DEBUG, "Now resolving \"%s\" ...", Host); Log_Subprocess(LOG_DEBUG, "Now resolving \"%s\" ...", Host);
array_init(&IpAddrs); array_init(&IpAddrs);
/* Resolve hostname */
if (!ForwardLookup(Host, &IpAddrs)) { #ifdef WANT_IPV6
af = AF_UNSPEC;
assert(Conf_ConnectIPv6 || Conf_ConnectIPv4);
if (!Conf_ConnectIPv6)
af = AF_INET;
if (!Conf_ConnectIPv4)
af = AF_INET6;
#else
af = AF_INET;
#endif
if (!ForwardLookup(Host, &IpAddrs, af)) {
close(w_fd); close(w_fd);
return; return;
} }