- jakob@cvs.openbsd.org 2005/04/20 10:05:45

     [dns.c]
     do not try to look up SSHFP for numerical hostname. ok djm@

1 files changed, 27 insertions, 2 deletions

diff --git a/dns.c b/dns.c
index 140ab6042..5a964bc7f 100644
--- a/dns.c
+++ b/dns.c
@@ -1,4 +1,4 @@
-/*      $OpenBSD: dns.c,v 1.10 2004/06/21 17:36:31 avsm Exp $   */
+/*      $OpenBSD: dns.c,v 1.11 2005/04/20 10:05:45 jakob Exp $  */
 
 /*
  * Copyright (c) 2003 Wesley Griffin. All rights reserved.
@@ -43,7 +43,7 @@
 #include "uuencode.h"
 
 extern char *__progname;
-RCSID("$OpenBSD: dns.c,v 1.10 2004/06/21 17:36:31 avsm Exp $");
+RCSID("$OpenBSD: dns.c,v 1.11 2005/04/20 10:05:45 jakob Exp $");
 
 #ifndef LWRES
 static const char *errset_text[] = {
@@ -142,6 +142,26 @@ dns_read_rdata(u_int8_t *algorithm, u_int8_t *digest_type,
         return success;
 }
 
+/*
+ * Check if hostname is numerical.
+ * Returns -1 if hostname is numeric, 0 otherwise
+ */
+static int
+is_numeric_hostname(const char *hostname)
+{
+        struct addrinfo hints, *ai;
+
+        memset(&hints, 0, sizeof(hints));
+        hints.ai_socktype = SOCK_DGRAM;
+        hints.ai_flags = AI_NUMERICHOST;
+
+        if (getaddrinfo(hostname, "0", &hints, &ai) == 0) {
+                freeaddrinfo(ai);
+                return -1;
+        }
+
+        return 0;
+}
 
 /*
  * Verify the given hostname, address and host key using DNS.
@@ -171,6 +191,11 @@ verify_host_key_dns(const char *hostname, struct sockaddr *address,
         if (hostkey == NULL)
                 fatal("No key to look up!");
 
+        if (is_numeric_hostname(hostname)) {
+                debug("skipped DNS lookup for numerical hostname");
+                return -1;
+        }
+
         result = getrrsetbyname(hostname, DNS_RDATACLASS_IN,
             DNS_RDATATYPE_SSHFP, 0, &fingerprints);
         if (result) {