From 4635e729462bf3208f1e76e3e186783ac43d064d Mon Sep 17 00:00:00 2001 From: djm Date: Thu, 26 May 2005 02:03:31 +0000 Subject: [PATCH] - jakob@cvs.openbsd.org 2005/04/20 10:05:45 [dns.c] do not try to look up SSHFP for numerical hostname. ok djm@ --- ChangeLog | 3 +++ dns.c | 29 +++++++++++++++++++++++++++-- 2 files changed, 30 insertions(+), 2 deletions(-) diff --git a/ChangeLog b/ChangeLog index 4fa3e20e..bdb6f79b 100644 --- a/ChangeLog +++ b/ChangeLog @@ -20,6 +20,9 @@ [ssh.1] arg to -b is an address, not if_name; ok markus@ + - jakob@cvs.openbsd.org 2005/04/20 10:05:45 + [dns.c] + do not try to look up SSHFP for numerical hostname. ok djm@ 20050524 - (djm) [contrib/caldera/openssh.spec contrib/redhat/openssh.spec] diff --git a/dns.c b/dns.c index 140ab604..5a964bc7 100644 --- a/dns.c +++ b/dns.c @@ -1,4 +1,4 @@ -/* $OpenBSD: dns.c,v 1.10 2004/06/21 17:36:31 avsm Exp $ */ +/* $OpenBSD: dns.c,v 1.11 2005/04/20 10:05:45 jakob Exp $ */ /* * Copyright (c) 2003 Wesley Griffin. All rights reserved. @@ -43,7 +43,7 @@ #include "uuencode.h" extern char *__progname; -RCSID("$OpenBSD: dns.c,v 1.10 2004/06/21 17:36:31 avsm Exp $"); +RCSID("$OpenBSD: dns.c,v 1.11 2005/04/20 10:05:45 jakob Exp $"); #ifndef LWRES static const char *errset_text[] = { @@ -142,6 +142,26 @@ dns_read_rdata(u_int8_t *algorithm, u_int8_t *digest_type, return success; } +/* + * Check if hostname is numerical. + * Returns -1 if hostname is numeric, 0 otherwise + */ +static int +is_numeric_hostname(const char *hostname) +{ + struct addrinfo hints, *ai; + + memset(&hints, 0, sizeof(hints)); + hints.ai_socktype = SOCK_DGRAM; + hints.ai_flags = AI_NUMERICHOST; + + if (getaddrinfo(hostname, "0", &hints, &ai) == 0) { + freeaddrinfo(ai); + return -1; + } + + return 0; +} /* * Verify the given hostname, address and host key using DNS. 
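Review bot: In the new `is_numeric_hostname()` (dns.c hunk at -142), every getaddrinfo() failure is reported as "not numeric", not only a name that fails AI_NUMERICHOST parsing, so a library or allocation error falls through silently to the SSHFP query in the caller. That matches the pre-patch behaviour and looks harmless, but the header comment should say so. Which strings count as numeric is decided by the platform's getaddrinfo(), which may accept shorthand or scoped address forms, so the skip may not be identical across systems. The -1-for-true return is also unusual for a predicate; I would reword the comment to `Returns -1 if hostname parses as a literal address (AI_NUMERICHOST, no resolver query), 0 otherwise, including on any getaddrinfo() error.`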
@@ -171,6 +191,11 @@ verify_host_key_dns(const char *hostname, struct sockaddr *address, if (hostkey == NULL) fatal("No key to look up!"); + if (is_numeric_hostname(hostname)) { + debug("skipped DNS lookup for numerical hostname"); + return -1; + } + result = getrrsetbyname(hostname, DNS_RDATACLASS_IN, DNS_RDATATYPE_SSHFP, 0, &fingerprints); if (result) { -- 2.45.1
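Review bot: The early `return -1` added to verify_host_key_dns() gives the caller no way to tell "DNS check skipped for a literal address" from a failed lookup, as far as this hunk shows; only the debug() line records the difference. The function's prologue and its other return paths are outside the hunk, so please confirm two things: that -1 makes the caller fall back to its other host key checks rather than treating the key as DNS-verified, and that any output parameters are initialised before this return. Assuming -1 is the function's not-verified result, a comment above the check would make the intent explicit: `/* No SSHFP lookup for a literal address; -1 tells the caller no DNS verification was done. */`.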