/systemd

shared: recognize DNS names with more than one trailing dot as invalid #4111

Merged
merged 1 commit into from Sep 9, 2016

Conversation

Reviewers
No reviews
Assignees

@martinpitt martinpitt

Labels
bug resolve
Projects
None yet
Milestone
No milestone
3 participants
@martinpitt @poettering @keszybz
@martinpitt
Contributor

martinpitt commented Sep 8, 2016

One trailing dot is valid, but more than one isn't. This also fixes glibc's posix/tst-getaddrinfo5 test.

This commit includes unit tests, but I also verified that with the fixed resolved this now works:

$ systemd-resolve www.gnu.org...
www.gnu.org...: resolve call failed: Invalid hostname 'www.gnu.org...'
$ systemd-resolve www.gnu.org..
www.gnu.org..: resolve call failed: Invalid hostname 'www.gnu.org..'
$ systemd-resolve www.gnu.org.
www.gnu.org.: 208.118.235.148
              2001:4830:134:3::a
              (wildebeest.gnu.org)

Fixes #3978
@martinpitt
shared: recognize DNS names with more than one trailing dot as invalid 
One trailing dot is valid, but more than one isn't. This also Fixes glibc's
posix/tst-getaddrinfo5 test.

Fixes #3978

All checks have passed

5 successful checks
@systemd-centos-ci
default — Build finished.
Details
semaphoreci — The build passed on Semaphore.
Details
@martinpitt
ubuntu-amd64 — autopkgtest finished (success)
Details
@martinpitt
ubuntu-i386 — autopkgtest finished (success)
Details
@martinpitt
ubuntu-s390x — autopkgtest finished (success)
Details
376409a

@martinpitt martinpitt added resolve bug labels Sep 8, 2016

@martinpitt martinpitt self-assigned this Sep 8, 2016

@keszybz keszybz merged commit f35c467 into systemd:master Sep 9, 2016
5 checks passed

5 checks passed

default Build finished.
Details
semaphoreci The build passed on Semaphore.
Details
ubuntu-amd64 autopkgtest finished (success)
Details
ubuntu-i386 autopkgtest finished (success)
Details
ubuntu-s390x autopkgtest finished (success)
Details

@martinpitt martinpitt deleted the martinpitt:dns-name-dotdot branch Sep 13, 2016

edolstra added a commit to NixOS/systemd that referenced this pull request Sep 30, 2016

@martinpitt @edolstra
shared: recognize DNS names with more than one trailing dot as invalid ( 
#4111)

One trailing dot is valid, but more than one isn't. This also Fixes glibc's
posix/tst-getaddrinfo5 test.

Fixes #3978.
(cherry picked from commit f35c467)
fde1b72
@poettering
Owner

poettering commented Oct 21, 2016

Hmpf. This fix looks wrong. dns_label_unescape() is supposed to look at a single label only, but now you make it look one more label ahead...
@poettering
Owner

poettering commented Oct 21, 2016

hmm, i figure the patch is actually Ok after all, even though not particularly pretty. But I figure it's the best we can do, given that dns_label_unescape() is supposed to treat "" and "." the same way, and thus not looking forward will indeed allow a name ending in two trailing dots pass...

Sorry for the noise
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment