Don't do (unsafe) DNS reverse lookups.

HEADS UP: May break some Kerberos deployments.

Don't do (unsafe) DNS reverse lookups.
HEADS UP: May break some Kerberos deployments.
d7a326be · Kurt Zeilenga · cd66f42f · d7a326be · d7a326be · d7a326be
Commit d7a326be authored Apr 22, 2003 by Kurt Zeilenga
--- a/libraries/libldap/ldap-int.h
+++ b/libraries/libldap/ldap-int.h
@@ -441,7 +441,8 @@ LDAP_F (int) ldap_connect_to_host( LDAP *ld, Sockbuf *sb,
 #if defined(LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND) || \
 	defined(HAVE_TLS) || defined(HAVE_CYRUS_SASL)
 LDAP_V (char *) ldap_int_hostname;
-LDAP_F (char *) ldap_host_connected_to( Sockbuf *sb );
+LDAP_F (char *) ldap_host_connected_to( Sockbuf *sb,
+	const char *host );
 #endif

 LDAP_F (void) ldap_int_ip_init( void );

--- a/libraries/libldap/open.c
+++ b/libraries/libldap/open.c
@@ -280,7 +280,7 @@ ldap_int_open_connection(
 				LBER_SBIOD_LEVEL_PROVIDER, NULL );

 #ifdef HAVE_CYRUS_SASL
-			sasl_host = ldap_host_connected_to( conn->lconn_sb );
+			sasl_host = ldap_host_connected_to( conn->lconn_sb, host );
 #endif
 			break;

@@ -327,7 +327,7 @@ ldap_int_open_connection(
 				LBER_SBIOD_LEVEL_PROVIDER, NULL );

 #ifdef HAVE_CYRUS_SASL
-			sasl_host = ldap_host_connected_to( conn->lconn_sb );
+			sasl_host = ldap_host_connected_to( conn->lconn_sb, "localhost" );
 #endif
 			break;
 #endif /* LDAP_PF_LOCAL */
@@ -383,7 +383,8 @@ ldap_int_open_connection(
 #ifdef LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND
 	if ( conn->lconn_krbinstance == NULL ) {
 		char *c;
-		conn->lconn_krbinstance = ldap_host_connected_to( conn->lconn_sb );
+		conn->lconn_krbinstance = ldap_host_connected_to(
+			conn->lconn_sb, host );

 		if( conn->lconn_krbinstance != NULL && 
 		    ( c = strchr( conn->lconn_krbinstance, '.' )) != NULL ) {

--- a/libraries/libldap/os-ip.c
+++ b/libraries/libldap/os-ip.c
@@ -506,7 +506,7 @@ ldap_connect_to_host(LDAP *ld, Sockbuf *sb,
 #if defined( LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND ) || \
 	defined( HAVE_CYRUS_SASL )
 char *
-ldap_host_connected_to( Sockbuf *sb )
+ldap_host_connected_to( Sockbuf *sb, const char *host )
 {
 	socklen_t		len;
 #ifdef LDAP_PF_INET6
@@ -515,8 +515,6 @@ ldap_host_connected_to( Sockbuf *sb )
 	struct sockaddr sabuf;
 #endif
 	struct sockaddr	*sa = (struct sockaddr *) &sabuf;
-	char			*host = NULL, *herr;
-	char hbuf[NI_MAXHOST];
 	int rc;
 	ber_socket_t	sd;

@@ -579,14 +577,21 @@ ldap_host_connected_to( Sockbuf *sb )
 		break;
 	}

-	hbuf[0] = 0;
-	if (ldap_pvt_get_hname( sa, len, hbuf, sizeof(hbuf), &herr ) == 0 &&
-		hbuf[0] ) 
+#if 0
 	{
-		host = LDAP_STRDUP( hbuf );   
+		char *herr;
+		char hbuf[NI_MAXHOST];
+		hbuf[0] = 0;
+
+		if (ldap_pvt_get_hname( sa, len, hbuf, sizeof(hbuf), &herr ) == 0
+			&& hbuf[0] ) 
+		{
+			return LDAP_STRDUP( hbuf );   
+		}
 	}
+#endif

-	return host;
+	return host ? LDAP_STRDUP( host ) : NULL;
 }
 #endif