Changeset e68221b in code

Timestamp:

Jun 23, 2014, 1:02:33 PM (11 years ago)

Author:

Florian Obser <florian@…>

Branches:

master

Children:

96a2e31

Parents:

120eedd

Message:

Check that the reverse resolved hostname resolves back to the
connecting IP.

Files:

• dns.c (modified) (4 diffs)
• icb.h (modified) (2 diffs)
• icbd.c (modified) (2 diffs)
• icbd.h (modified) (1 diff)

dns.c

@@ -35 +35 @@
 void dns_done_host(struct asr_result *, void *);
 void dns_done_reverse(struct asr_result *, void *);
+int  cmp_addr(struct sockaddr *, struct sockaddr *);
 
 extern int dodns;
@@ -42 +43 @@
 {
         struct icb_session *is = arg;
+        struct addrinfo *res;
+        int found = 0;
 
-        if (ar->ar_addrinfo)
-                freeaddrinfo(ar->ar_addrinfo);
-
-        /* just check that there's no error */
         if (ar->ar_gai_errno == 0) {
                 if (strncmp(is->hostname, "localhost",
                     sizeof "localhost" - 1) == 0)
                         strlcpy(is->host, "unknown", ICB_MAXHOSTLEN);
-                else if (strlen(is->hostname) < ICB_MAXHOSTLEN)
-                        strlcpy(is->host, is->hostname, ICB_MAXHOSTLEN);
+                else if (strlen(is->hostname) < ICB_MAXHOSTLEN) {
+                        for (res = ar->ar_addrinfo; res; res = res->ai_next) {
+                                if (cmp_addr(res->ai_addr, (struct sockaddr *)
+                                    &is->ss) == 0) {
+                                        strlcpy(is->host, is->hostname,
+                                            ICB_MAXHOSTLEN);
+                                        found = 1;
+                                        break;
+                                }
+                        }
+                        if (!found)
+                                icbd_log(is, LOG_WARNING, "hostname %s does "
+                                   "not resolve back to connecting ip %s",
+                                    is->hostname, is->host);
+                }
         } else
                 icbd_log(is, LOG_WARNING, "dns resolution failed: %s",
                     gai_strerror(ar->ar_gai_errno));
+
+        if (ar->ar_addrinfo)
+                freeaddrinfo(ar->ar_addrinfo);
 
         if (ISSETF(is->flags, ICB_SF_PENDINGDROP)) {
@@ -92 +107 @@
 }
 
+int
+cmp_addr(struct sockaddr *a, struct sockaddr *b)
+{
+        if (a->sa_family != b->sa_family)
+                return (a->sa_family - b->sa_family);
+
+        if (a->sa_family == AF_INET)
+                return (((struct sockaddr_in *)a)->sin_addr.s_addr -
+                    ((struct sockaddr_in *)b)->sin_addr.s_addr);
+
+        if (a->sa_family == AF_INET6)
+                return (memcmp(&((struct sockaddr_in6 *)a)->sin6_addr,
+                    &((struct sockaddr_in6 *)b)->sin6_addr,
+                    sizeof (struct in6_addr)));
+
+        return -1;
+        
+}
+
 void
-dns_resolve(struct icb_session *is, struct sockaddr *sa)
+dns_resolve(struct icb_session *is)
 {
         struct asr_query *as;
@@ -105 +139 @@
                 icbd_log(is, LOG_DEBUG, "resolving: %s", is->host);
 
-        as = getnameinfo_async(sa, sa->sa_len, is->hostname,
+        as = getnameinfo_async((struct sockaddr *)&is->ss,
+            ((struct sockaddr *)&is->ss)->sa_len, is->hostname,
             sizeof is->hostname, NULL, 0, NI_NOFQDN, NULL);
         event_asr_run(as, dns_done_reverse, is);

icb.h

@@ -16 +16 @@
 
 #include <sys/queue.h>
+#include <sys/socket.h>
 
 /*
@@ -78 +79 @@
         char                     hostname[MAXHOSTNAMELEN];
         char                     buffer[ICB_MSGSIZE];
+        struct sockaddr_storage  ss;
         struct event             ev;
         struct bufferevent      *bev;

icbd.c

@@ -586 +586 @@
 getpeerinfo(struct icb_session *is)
 {
-        struct sockaddr_storage ss;
-        struct sockaddr_in *sin = (struct sockaddr_in *)&ss;
-        struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *)&ss;
-        socklen_t ss_len = sizeof ss;
-
-        bzero(&ss, sizeof ss);
-        if (getpeername(EVBUFFER_FD(is->bev), (struct sockaddr *)&ss,
+        struct sockaddr_in *sin = (struct sockaddr_in *)&is->ss;
+        struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *)&is->ss;
+        socklen_t ss_len = sizeof is->ss;
+
+        bzero(&is->ss, sizeof is->ss);
+        if (getpeername(EVBUFFER_FD(is->bev), (struct sockaddr *)&is->ss,
             &ss_len) != 0)
                 return;
 
         is->port = 0;
-        switch (ss.ss_family) {
+        switch (is->ss.ss_family) {
         case AF_INET:
                 is->port = ntohs(sin->sin_port);
@@ -607 +606 @@
         }
 
-        inet_ntop(ss.ss_family, ss.ss_family == AF_INET ?
+        inet_ntop(is->ss.ss_family, is->ss.ss_family == AF_INET ?
             (void *)&sin->sin_addr : (void *)&sin6->sin6_addr,
             is->host, sizeof is->host);
 
-        dns_resolve(is, (struct sockaddr *)&ss);
-}
+        dns_resolve(is);
+}

icbd.h

@@ -32 +32 @@
 
 /* dns.c */
-struct sockaddr;
-void            dns_resolve(struct icb_session *, struct sockaddr *);
+void            dns_resolve(struct icb_session *);
 
 /* logger.c */