diff options
| author | Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> | 2018-11-21 22:58:13 +0100 |
|---|---|---|
| committer | Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> | 2018-12-10 09:56:56 +0100 |
| commit | 7470cc4c73c3736b93070ec01369e449e40a7cb3 (patch) | |
| tree | 7f996421d5fb688a7f48f1f6b4d623f06b9f1990 /src/resolve/resolved-dns-rr.c | |
| parent | bd0052777981044cf54a1e9d6e3acb1c3d813656 (diff) | |
| download | systemd-7470cc4c73c3736b93070ec01369e449e40a7cb3.tar.gz | |
resolve: reject host names with leading or trailing dashes in /etc/hosts
https://tools.ietf.org/html/rfc1035#section-2.3.1 says (approximately)
that only letters, numbers, and non-leading non-trailing dashes are allowed
(for entries with A/AAAA records). We set no restrictions.
hosts(5) says:
> Host names may contain only alphanumeric characters, minus signs ("-"), and
> periods ("."). They must begin with an alphabetic character and end with an
> alphanumeric character.
nss-files follows those rules, and will ignore names in /etc/hosts that do not
follow this rule.
Let's follow the documented rules for /etc/hosts. In particular, this makes us
consitent with nss-files, reducing surprises for the user.
I'm pretty sure we should apply stricter filtering to names received over DNS
and LLMNR and MDNS, but it's a bigger project, because the rules differ
depepending on which level the label appears (rules for top-level names are
stricter), and this patch takes the minimalistic approach and only changes
behaviour for /etc/hosts.
Escape syntax is also disallowed in /etc/hosts, even if the resulting character
would be allowed. Other tools that parse /etc/hosts do not support this, and
there is no need to use it because no allowed characters benefit from escaping.
Diffstat (limited to 'src/resolve/resolved-dns-rr.c')
| -rw-r--r-- | src/resolve/resolved-dns-rr.c | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/src/resolve/resolved-dns-rr.c b/src/resolve/resolved-dns-rr.c index b67c734e04..a1dffb08a3 100644 --- a/src/resolve/resolved-dns-rr.c +++ b/src/resolve/resolved-dns-rr.c @@ -77,7 +77,7 @@ int dns_resource_key_new_append_suffix(DnsResourceKey **ret, DnsResourceKey *key return 0; } - r = dns_name_concat(dns_resource_key_name(key), name, &joined); + r = dns_name_concat(dns_resource_key_name(key), name, 0, &joined); if (r < 0) return r; @@ -222,7 +222,7 @@ int dns_resource_key_match_rr(const DnsResourceKey *key, DnsResourceRecord *rr, if (search_domain) { _cleanup_free_ char *joined = NULL; - r = dns_name_concat(dns_resource_key_name(key), search_domain, &joined); + r = dns_name_concat(dns_resource_key_name(key), search_domain, 0, &joined); if (r < 0) return r; @@ -254,7 +254,7 @@ int dns_resource_key_match_cname_or_dname(const DnsResourceKey *key, const DnsRe if (search_domain) { _cleanup_free_ char *joined = NULL; - r = dns_name_concat(dns_resource_key_name(key), search_domain, &joined); + r = dns_name_concat(dns_resource_key_name(key), search_domain, 0, &joined); if (r < 0) return r; |