From mboxrd@z Thu Jan 1 00:00:00 1970
Return-Path:
Received: by sourceware.org (Postfix, from userid 1944) id 846013851526; Wed, 26 Oct 2022 15:09:16 +0000 (GMT)
DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 846013851526
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sourceware.org; s=default; t=1666796956; bh=wLIr7VbKlfpED8UJLNazXfduNGZMrwpIyJnsojrRYMA=; h=From:To:Subject:Date:From; b=RBbjNA+B/DHxMXozNtP+11wMwAFopWD5S2xB2Pl2MpH+wvd05HjOMOudxAMyoPBwu 0Hz+x5ORZrTOcILGjpXL65LGnABYD128Yl71n35We33p8U8TH8z3iNyN3n1YPDvub5 n+ppjp3fpLbM+Z6deFZOn/Xc3Pr5FiN4pDP1Lfk4=
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
From: Szabolcs Nagy
To: glibc-cvs@sourceware.org
Subject: [glibc/arm/morello/main] nss: Implement --no-addrconfig option for getent
X-Act-Checkin: glibc
X-Git-Author: Florian Weimer
X-Git-Refname: refs/heads/arm/morello/main
X-Git-Oldrev: 3e279192749cfcae4ceebb1f21a3275e677d0561
X-Git-Newrev: 700d3281f9e57b53c27bc991394b22d467432626
Message-Id: <20221026150916.846013851526@sourceware.org>
Date: Wed, 26 Oct 2022 15:09:16 +0000 (GMT)
List-Id:

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=700d3281f9e57b53c27bc991394b22d467432626

commit 700d3281f9e57b53c27bc991394b22d467432626
Author: Florian Weimer
Date:   Tue Sep 13 16:10:20 2022 +0200

    nss: Implement --no-addrconfig option for getent

    The ahosts, ahostsv4, ahostsv6 commands unconditionally pass
    AI_ADDRCONFIG to getaddrinfo, which is not always desired.

    Reviewed-by: Carlos O'Donell
    (cherry picked from commit a623f13adfac47c8634a7288e08f821a846bc650)

Diff:
--- NEWS | 7 +++++++ nss/getent.c | 11 ++++++++++- 2 files changed, 17 insertions(+), 1 deletion(-) diff --git a/NEWS b/NEWS index bea1d8a11f..462a12253d 100644 --- a/NEWS +++ b/NEWS
@@ -7,6 +7,13 @@ using `glibc' in the "product" field. Version 2.36.1 +Major new features: + +* The getent tool now supports the --no-addrconfig option. The output of + getent with --no-addrconfig may contain addresses of families not + configured on the current host i.e. as-if you had not passed + AI_ADDRCONFIG to getaddrinfo calls. + Security related changes: CVE-2022-39046: When the syslog function is passed a crafted input diff --git a/nss/getent.c b/nss/getent.c index 8178b4b470..d2d2524b0c 100644 --- a/nss/getent.c +++ b/nss/getent.c @@ -58,6 +58,8 @@ static const struct argp_option args_options[] = { { "service", 's', N_("CONFIG"), 0, N_("Service configuration to be used") }, { "no-idn", 'i', NULL, 0, N_("disable IDN encoding") }, + { "no-addrconfig", 'A', NULL, 0, + N_("do not filter out unsupported IPv4/IPv6 addresses (with ahosts*)") }, { NULL, 0, NULL, 0, NULL }, }; @@ -79,6 +81,9 @@ static struct argp argp = /* Additional getaddrinfo flags for IDN encoding. */ static int idn_flags = AI_IDN | AI_CANONIDN; +/* Set to 0 by --no-addrconfig. */ +static int addrconfig_flags = AI_ADDRCONFIG; + /* Print the version information. */ static void print_version (FILE *stream, struct argp_state *state) @@ -346,7 +351,7 @@ ahosts_keys_int (int af, int xflags, int number, char *key[]) struct addrinfo hint; memset (&hint, '\0', sizeof (hint)); - hint.ai_flags = (AI_V4MAPPED | AI_ADDRCONFIG | AI_CANONNAME + hint.ai_flags = (AI_V4MAPPED | addrconfig_flags | AI_CANONNAME | idn_flags | xflags); hint.ai_family = af; @@ -905,6 +910,10 @@ parse_option (int key, char *arg, struct argp_state *state) idn_flags = 0; break; + case 'A': + addrconfig_flags = 0; + break; + default: return ARGP_ERR_UNKNOWN; }
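
Review bot: The NEWS entry (hunk @@ -7,6 +7,13 @@) does not say which getent databases the option affects, while the help string added in nss/getent.c limits it to "(with ahosts*)". Naming ahosts, ahostsv4 and ahostsv6 in the entry would keep readers from expecting it to change other lookups. Minor wording: "current host i.e. as-if you had not passed" reads better as "current host, i.e., as if you had not passed".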
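
Review bot: In the args_options hunk of nss/getent.c (@@ -58,6 +58,8 @@), the help text says "do not filter out unsupported IPv4/IPv6 addresses", but the NEWS entry in the same patch describes the filtered addresses as "families not configured on the current host". "Unsupported" can be read as a statement about protocol support rather than about what is configured locally; suggest reusing the NEWS wording so the two descriptions of the option agree.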
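
Review bot: In the parse_option hunk (@@ -905,6 +910,10 @@), case 'A' clears addrconfig_flags no matter which database is requested, while the only consumer shown in this patch is hint.ai_flags in ahosts_keys_int, so the option is accepted and silently has no effect outside ahosts*. That mirrors the existing "idn_flags = 0;" case above it, but it is worth stating in the documentation or emitting a diagnostic. Separately, the diffstat lists only NEWS and nss/getent.c, so nothing in this change exercises the new flag; a test that compares ahosts output with and without --no-addrconfig would guard the behaviour.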