bugzilla-daemon at mindrot.org
2007-Mar-16 04:54 UTC
[Bug 1299] Remove redefinition of _res in getrrsetbyname.c
http://bugzilla.mindrot.org/show_bug.cgi?id=1299

           Summary: Remove redefinition of _res in getrrsetbyname.c
           Product: Portable OpenSSH
           Version: 4.5p1
          Platform: All
        OS/Version: NetBSD
            Status: NEW
          Keywords: patch
          Severity: major
          Priority: P2
         Component: ssh
        AssignedTo: bitbucket at mindrot.org
        ReportedBy: cjs at cynic.net

Ssh won't use SSHFP fingerprints available via DNSSEC, because it doesn't turn on DNSSEC to request them.

Around line 70 in openbsd-compat/getrrsetbyname.c, we have the following:

    /* to avoid conflicts where a platform already has _res */
    #ifdef _res
    # undef _res
    #endif
    #define _res _compat_res

    struct __res_state _res;

This defines a global, _compat_res, used only by OpenSSH (at least on NetBSD), and makes _res be that instead of the "real" _res (however that might be defined on various platforms).

_res is used only in the getrrsetbyname function, which never initializes it in any way, but tries to act as if it's using the real _res. So it calls init_res every time:

    if ((_resp->options & RES_INIT) == 0 && res_init() == -1) {

and it never turns on DNSSEC, even when RES_USE_EDNS0 is set, since it's checking for it in the wrong place:

    if (_resp->options & RES_USE_EDNS0)
        _resp->options |= RES_USE_DNSSEC;

The fix is to remove the code that redefines _res, or at least #ifdef it for only those platforms that need this for some reason.

------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
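The failure mode described in the report above, as an added example that is not part of the original report or of OpenSSH's code: the two quoted checks are run once against an unconfigured shadow copy of the resolver state and once against the state that the init routine actually fills in. All `demo_` names, the flag values and the two state variables are constructed stand-ins for `res_init()`, the `RES_*` flags and `_res`, so the program runs without a resolver library.

```c
#include <stdio.h>

/* Constructed stand-ins: the real flag values live in <resolv.h> and vary by platform. */
#define DEMO_RES_INIT       0x0001UL
#define DEMO_RES_USE_EDNS0  0x0002UL
#define DEMO_RES_USE_DNSSEC 0x0004UL

struct demo_res_state { unsigned long options; };

static struct demo_res_state system_res; /* plays the platform's real _res */
static struct demo_res_state compat_res; /* plays _compat_res, which nothing configures */
static int init_calls;                   /* how often the init stand-in ran */

/* Stand-in for res_init(): configures the platform state only (assumes "options edns0"). */
static int demo_res_init(void) {
    init_calls++;
    system_res.options = DEMO_RES_INIT | DEMO_RES_USE_EDNS0;
    return 0;
}

/* The two checks quoted in the report, applied to whichever state is passed in.
 * Returns 1 if the query would go out with the DNSSEC flag set, 0 otherwise. */
static int dnssec_requested(struct demo_res_state *resp) {
    if ((resp->options & DEMO_RES_INIT) == 0 && demo_res_init() == -1)
        return 0;
    if (resp->options & DEMO_RES_USE_EDNS0)
        resp->options |= DEMO_RES_USE_DNSSEC;
    return (resp->options & DEMO_RES_USE_DNSSEC) != 0;
}

static void reset_demo(void) {
    system_res.options = 0;
    compat_res.options = 0;
    init_calls = 0;
}

int main(void) {
    int first, second;

    reset_demo();
    first = dnssec_requested(&compat_res);   /* with the _res redefinition */
    second = dnssec_requested(&compat_res);
    printf("shadow copy:  dnssec=%d,%d init calls=%d\n", first, second, init_calls);

    reset_demo();
    first = dnssec_requested(&system_res);   /* with the redefinition removed */
    second = dnssec_requested(&system_res);
    printf("real state:   dnssec=%d,%d init calls=%d\n", first, second, init_calls);
    return 0;
}
```

Against the shadow copy the init routine runs on every call and the DNSSEC flag is never set, which matches both symptoms in the report.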
bugzilla-daemon at mindrot.org
2007-Apr-09 23:45 UTC
[Bug 1299] Remove redefinition of _res in getrrsetbyname.c
http://bugzilla.mindrot.org/show_bug.cgi?id=1299

dtucker at zip.com.au changed:

                    What|Removed                     |Added
----------------------------------------------------------------------------
                  Status|NEW                         |ASSIGNED
OtherBugsDependingOnThis|                            |1289, 1305

------- Comment #1 from dtucker at zip.com.au 2007-04-10 09:45 -------
This was also mentioned on the mailing list, however it has not been confirmed whether or not the patch resolves the problem on NetBSD.

http://marc.info/?l=openssh-unix-dev&m=117390608117235
bugzilla-daemon at mindrot.org
2007-Apr-09 23:47 UTC
[Bug 1299] Remove redefinition of _res in getrrsetbyname.c
http://bugzilla.mindrot.org/show_bug.cgi?id=1299

------- Comment #2 from dtucker at zip.com.au 2007-04-10 09:47 -------
Created an attachment (id=1258)
 --> (http://bugzilla.mindrot.org/attachment.cgi?id=1258&action=view)
Check for global _res in configure.

Note that you will need to run "autoreconf" to rebuild configure before configuring and building.