- dtucker@cvs.openbsd.org 2008/06/12 00:03:49

     [dns.c canohost.c sshconnect.c]
     Do not pass "0" strings as ports to getaddrinfo because the lookups
     can slow things down and we never use the service info anyway. bz
     #859, patch from YOSHIFUJI Hideaki and John Devitofranceschi.  ok
     deraadt@ djm@
     djm belives that the reason for the "0" strings is to ensure that
     it's not possible to call getaddrinfo with both host and port being
     NULL.  In the case of canohost.c host is a local array.  In the
     case of sshconnect.c, it's checked for null immediately before use.
     In dns.c it ultimately comes from ssh.c:main() and is guaranteed to
     be non-null but it's not obvious, so I added a warning message in
     case it is ever passed a null.

diff --git a/canohost.c b/canohost.c
index 8270500d39e55c2b38ebeaf80459ee1141b06247..42011fd0acf2996fe09c10b077444fbfe1aae68f 100644 (file)
--- a/canohost.c
+++ b/canohost.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: canohost.c,v 1.62 2007/12/27 14:22:08 dtucker Exp $ */
+/* $OpenBSD: canohost.c,v 1.63 2008/06/12 00:03:49 dtucker Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -89,7 +89,7 @@ get_remote_hostname(int sock, int use_dns)
        memset(&hints, 0, sizeof(hints));
        hints.ai_socktype = SOCK_DGRAM; /*dummy*/
        hints.ai_flags = AI_NUMERICHOST;
-       if (getaddrinfo(name, "0", &hints, &ai) == 0) {
+       if (getaddrinfo(name, NULL, &hints, &ai) == 0) {
                logit("Nasty PTR record \"%s\" is set up for %s, ignoring",
                    name, ntop);
                freeaddrinfo(ai);

diff --git a/dns.c b/dns.c
index a89176f882835c2931261ff909a934af7efa4e39..a7da03fa3efd14ce5feb2199995a2f344d01dbe0 100644 (file)
--- a/dns.c
+++ b/dns.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: dns.c,v 1.24 2007/01/03 03:01:40 stevesk Exp $ */
+/* $OpenBSD: dns.c,v 1.25 2008/06/12 00:03:49 dtucker Exp $ */
 
 /*
  * Copyright (c) 2003 Wesley Griffin. All rights reserved.
@@ -145,11 +145,20 @@ is_numeric_hostname(const char *hostname)
 {
        struct addrinfo hints, *ai;
 
+       /*
+        * We shouldn't ever get a null host but if we do then log an error
+        * and return -1 which stops DNS key fingerprint processing.
+        */
+       if (hostname == NULL) {
+               error("is_numeric_hostname called with NULL hostname");
+               return -1;
+       }
+
        memset(&hints, 0, sizeof(hints));
        hints.ai_socktype = SOCK_DGRAM;
        hints.ai_flags = AI_NUMERICHOST;
 
-       if (getaddrinfo(hostname, "0", &hints, &ai) == 0) {
+       if (getaddrinfo(hostname, NULL, &hints, &ai) == 0) {
                freeaddrinfo(ai);
                return -1;
        }

diff --git a/sshconnect.c b/sshconnect.c
index 1512996144e6c98a06cb5220289e43df48db9006..0a4bf36b66168fb7720cc73dd3aedcc69beb1801 100644 (file)
--- a/sshconnect.c
+++ b/sshconnect.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshconnect.c,v 1.204 2008/06/11 21:01:35 grunk Exp $ */
+/* $OpenBSD: sshconnect.c,v 1.205 2008/06/12 00:03:49 dtucker Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -221,7 +221,7 @@ ssh_create_socket(int privileged, struct addrinfo *ai)
        hints.ai_socktype = ai->ai_socktype;
        hints.ai_protocol = ai->ai_protocol;
        hints.ai_flags = AI_PASSIVE;
-       gaierr = getaddrinfo(options.bind_address, "0", &hints, &res);
+       gaierr = getaddrinfo(options.bind_address, NULL, &hints, &res);
        if (gaierr) {
                error("getaddrinfo: %s: %s", options.bind_address,
                    ssh_gai_strerror(gaierr));