diff options
| author |   Florian Weimer <fweimer@redhat.com> | 2022-09-13 16:10:20 +0200 |
|---|---|---|
| committer |   Andreas K. Hüttel <dilfridge@gentoo.org> | 2022-10-15 19:40:11 +0200 |
| commit | ed786199a7fa470d4d8ec696d255e0ee0c251499 (patch) | |
| tree | c50ac93bcb870b6876a88ffe9ed3e7efb87692e5 | |
| parent | Ensure calculations happen with desired rounding mode in y1lf128 (diff) | |
| download | glibc-ed786199a7fa470d4d8ec696d255e0ee0c251499.tar.gz glibc-ed786199a7fa470d4d8ec696d255e0ee0c251499.tar.bz2 glibc-ed786199a7fa470d4d8ec696d255e0ee0c251499.zip | |
nss: Implement --no-addrconfig option for getent
The ahosts, ahostsv4, ahostsv6 commands unconditionally pass
AI_ADDRCONFIG to getaddrinfo, which is not always desired.
Reviewed-by: Carlos O'Donell <carlos@redhat.com>
(cherry picked from commit a623f13adfac47c8634a7288e08f821a846bc650)
(cherry picked from commit 700d3281f9e57b53c27bc991394b22d467432626)
| -rw-r--r-- | NEWS | 7 | ||||
| -rw-r--r-- | nss/getent.c | 11 |
2 files changed, 17 insertions, 1 deletions
@@ -7,6 +7,13 @@ using `glibc' in the "product" field. Version 2.36.1 +Major new features: + +* The getent tool now supports the --no-addrconfig option. The output of + getent with --no-addrconfig may contain addresses of families not + configured on the current host i.e. as-if you had not passed + AI_ADDRCONFIG to getaddrinfo calls. + Security related changes: CVE-2022-39046: When the syslog function is passed a crafted input diff --git a/nss/getent.c b/nss/getent.c index 8178b4b470..d2d2524b0c 100644 --- a/nss/getent.c +++ b/nss/getent.c @@ -58,6 +58,8 @@ static const struct argp_option args_options[] = { { "service", 's', N_("CONFIG"), 0, N_("Service configuration to be used") }, { "no-idn", 'i', NULL, 0, N_("disable IDN encoding") }, + { "no-addrconfig", 'A', NULL, 0, + N_("do not filter out unsupported IPv4/IPv6 addresses (with ahosts*)") }, { NULL, 0, NULL, 0, NULL }, }; @@ -79,6 +81,9 @@ static struct argp argp = /* Additional getaddrinfo flags for IDN encoding. */ static int idn_flags = AI_IDN | AI_CANONIDN; +/* Set to 0 by --no-addrconfig. */ +static int addrconfig_flags = AI_ADDRCONFIG; + /* Print the version information. */ static void print_version (FILE *stream, struct argp_state *state) @@ -346,7 +351,7 @@ ahosts_keys_int (int af, int xflags, int number, char *key[]) struct addrinfo hint; memset (&hint, '\0', sizeof (hint)); - hint.ai_flags = (AI_V4MAPPED | AI_ADDRCONFIG | AI_CANONNAME + hint.ai_flags = (AI_V4MAPPED | addrconfig_flags | AI_CANONNAME | idn_flags | xflags); hint.ai_family = af; @@ -905,6 +910,10 @@ parse_option (int key, char *arg, struct argp_state *state) idn_flags = 0; break; + case 'A': + addrconfig_flags = 0; + break; + default: return ARGP_ERR_UNKNOWN; } |