repo: ngircd
action: commit
revision: 
path_from: 
revision_from: e4e1595bffdb6c43cd163ae576ee9715b859e494:
path_to: 
revision_to:
git.thebackupbox.net
ngircd
git clone git://git.thebackupbox.net/ngircd
commit e4e1595bffdb6c43cd163ae576ee9715b859e494
Author: Florian Westphal 
Date:   Mon Apr 25 18:00:10 2011 +0200

    resolve: fix reverse lookups of client connections with ConnectIPv6=no

    We re-use the same helper function for both forward lookups
    (when we want to connect to a peer server) and for validation of reverse
    loopups (where we make a lookup on the hostname returned
    by a reverse lookup on the IP address that connected).

    Problem:

    When ConnectIPv6=no, the forward lookup helper sets the adderss family
    to AF_INET, and, if out client connected via ipv6, we fail to validate
    the result.

    Thus move the ConnectIPvX check out of the helper.

diff --git a/src/ngircd/resolve.c b/src/ngircd/resolve.c
index 9aeb68e35e82a9fc0db263d573d2ca91e8e3d158..
index ..ff40b8d523cd10853e69353d283abeabcb86d2d9 100644
--- a/src/ngircd/resolve.c
+++ b/src/ngircd/resolve.c
@@ -236,7 +236,7 @@ ReverseLookup(const ng_ipaddr_t *IpAddr, char *resbuf, size_t reslen)
  * @return true if lookup successful, false if domain name not found
  */
 static bool
-ForwardLookup(const char *hostname, array *IpAddr)
+ForwardLookup(const char *hostname, array *IpAddr, int af)
 {
 	ng_ipaddr_t addr;

@@ -245,23 +245,13 @@ ForwardLookup(const char *hostname, array *IpAddr)
 	struct addrinfo *a, *ai_results;
 	static struct addrinfo hints;

-#ifndef WANT_IPV6
-	hints.ai_family = AF_INET;
-#endif
 #ifdef AI_ADDRCONFIG	/* glibc has this, but not e.g. netbsd 4.0 */
 	hints.ai_flags = AI_ADDRCONFIG;
 #endif
 	hints.ai_socktype = SOCK_STREAM;
 	hints.ai_protocol = IPPROTO_TCP;
+	hints.ai_family = af;

-#ifdef WANT_IPV6
-	assert(Conf_ConnectIPv6 || Conf_ConnectIPv4);
-
-	if (!Conf_ConnectIPv6)
-		hints.ai_family = AF_INET;
-	if (!Conf_ConnectIPv4)
-		hints.ai_family = AF_INET6;
-#endif
 	memset(&addr, 0, sizeof(addr));

 	res = getaddrinfo(hostname, NULL, &hints, &ai_results);
@@ -390,7 +380,7 @@ Do_ResolveAddr(const ng_ipaddr_t *Addr, int identsock, int w_fd)
 	if (!ReverseLookup(Addr, hostname, sizeof(hostname)))
 		goto dns_done;

-	if (ForwardLookup(hostname, &resolved_addr)) {
+	if (ForwardLookup(hostname, &resolved_addr, AF_UNSPEC)) {
 		if (!Addr_in_list(&resolved_addr, Addr)) {
 			Log_Forgery_WrongIP(tmp_ip_str, hostname);
 			strlcpy(hostname, tmp_ip_str, sizeof(hostname));
@@ -427,6 +417,7 @@ Do_ResolveName( const char *Host, int w_fd )
 	/* Resolver sub-process: resolve name and write result into pipe
 	 * to parent. */
 	array IpAddrs;
+	int af;
 #ifdef DEBUG
 	ng_ipaddr_t *addr;
 	size_t len;
@@ -434,8 +425,19 @@ Do_ResolveName( const char *Host, int w_fd )
 	Log_Subprocess(LOG_DEBUG, "Now resolving \"%s\" ...", Host);

 	array_init(&IpAddrs);
-	/* Resolve hostname */
-	if (!ForwardLookup(Host, &IpAddrs)) {
+
+#ifdef WANT_IPV6
+	af = AF_UNSPEC;
+	assert(Conf_ConnectIPv6 || Conf_ConnectIPv4);
+
+	if (!Conf_ConnectIPv6)
+		af = AF_INET;
+	if (!Conf_ConnectIPv4)
+		af = AF_INET6;
+#else
+	af = AF_INET;
+#endif
+	if (!ForwardLookup(Host, &IpAddrs, af)) {
 		close(w_fd);
 		return;
 	}

-----END OF PAGE-----