Georg Schwarz
2006-Apr-21 19:29 UTC
OpenSSH DNS resolution failure on IRIX 5.3: request to fix
Dear developers, as reported earlier, recent versions of OpenSSH (4.3p1, 4.3p2 as well as the current CVS) on IRIX 5.3 exhibit a DNS resolution failure. Even for perfectly valid hostnames they return "no address associated with name". After some digging through the code I found what is causing this strange behaviour. Basically it was introduced with the following change: revision 1.3954 date: 2005/11/05 05:56:52; author: djm; state: Exp; lines: +4 -1 - (djm) [openbsd-compat/getrrsetbyname.c] Sync to latest OpenBSD version, resolving memory leak bz#1111 reported by kremenek AT cs.stanford.edu; ok dtucker@ When I take out the line struct __res_state _res; things work. Also, the problem does not occur when compiling with gcc (I used 3.4.4) instead of the SGI IDO cc. I am not familiar enough with the implementation of the DNS resolution libraries to really judge what is going on. It looks like the global variable _res in openbsd-compat/getrrsetbyname overrides a respective OS-supplied variable when compiling with the SGI IDO cc. I hope that someone else can give a more thorough explanation of what is going wrong. I must admit that I do not understand why _res is defined at all in openbsd-compat/getrrsetbyname.c. It wasn't before 2005/11/05. Now my next question of course is how to fix that problem. Is it acceptable to simple comment out that line with something like this (syntax not really correct)? #if not irix5 or gcc struct __res_state _res; #endif It also seems sufficient to change the line into extern struct __res_state _res; Feedback would be welcome. I'd appreciate if you could CC me on any replies since I am not a member of this mailing list. Georg -- Georg Schwarz http://home.pages.de/~schwarz/ georg.schwarz at freenet.de +49 178 8545053
Darren Tucker
2006-Apr-27 03:26 UTC
OpenSSH DNS resolution failure on IRIX 5.3: request to fix
Georg Schwarz wrote:> as reported earlier, recent versions of OpenSSH (4.3p1, 4.3p2 as well > as the current CVS) on IRIX 5.3 exhibit a DNS resolution failure. > Even for perfectly valid hostnames they return "no address associated > with name".[...]> When I take out the line > > struct __res_state _res; > > things work. Also, the problem does not occur when compiling with gcc > (I used 3.4.4) instead of the SGI IDO cc.Thinking about this: is __res_state declared extern in the system headers? -- Darren Tucker (dtucker at zip.com.au) GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69 Good judgement comes with experience. Unfortunately, the experience usually comes from bad judgement.
Darren Tucker
2006-May-02 00:09 UTC
OpenSSH DNS resolution failure on IRIX 5.3: request to fix
On Fri, Apr 21, 2006 at 09:29:36PM +0200, Georg Schwarz wrote:> as reported earlier, recent versions of OpenSSH (4.3p1, 4.3p2 as well > as the current CVS) on IRIX 5.3 exhibit a DNS resolution failure. > Even for perfectly valid hostnames they return "no address associated > with name". > After some digging through the code I found what is causing this > strange behaviour. Basically it was introduced with the following > change: > > revision 1.3954 > date: 2005/11/05 05:56:52; author: djm; state: Exp; lines: +4 -1 > - (djm) [openbsd-compat/getrrsetbyname.c] Sync to latest OpenBSD > version, > resolving memory leak bz#1111 reported by kremenek AT > cs.stanford.edu; > ok dtucker@ > > > When I take out the line > > struct __res_state _res;After some off-list discussion, it looks like the correct thing to do for this is to check for the presence of _res as an extern and use that in preference. The attached patch (against -current) seems to resolve the problem on IRIX, but can anyone see any reason this might be a bad idea on some other platform? Thanks. Index: configure.ac ==================================================================RCS file: /usr/local/src/security/openssh/cvs/openssh_cvs/configure.ac,v retrieving revision 1.339 diff -u -p -r1.339 configure.ac --- configure.ac 22 Apr 2006 11:26:08 -0000 1.339 +++ configure.ac 1 May 2006 00:53:37 -0000 @@ -3000,6 +3000,25 @@ int main() [#include <arpa/nameser.h>]) ]) +AC_MSG_CHECKING(if struct __res_state _res is an extern) +AC_LINK_IFELSE([ +#include <stdio.h> +#if HAVE_SYS_TYPES_H +# include <sys/types.h> +#endif +#include <netinet/in.h> +#include <arpa/nameser.h> +#include <resolv.h> +extern struct __res_state _res; +int main() { return 0; } + ], + [AC_MSG_RESULT(yes) + AC_DEFINE(HAVE__RES_EXTERN, 1, + [Define if you have struct __res_state _res as an extern]) + ], + [ AC_MSG_RESULT(no) ] +) + # Check whether user wants SELinux support SELINUX_MSG="no" LIBSELINUX="" Index: openbsd-compat/getrrsetbyname.c ==================================================================RCS file: /usr/local/src/security/openssh/cvs/openssh_cvs/openbsd-compat/getrrsetbyname.c,v retrieving revision 1.17 diff -u -p -r1.17 getrrsetbyname.c --- openbsd-compat/getrrsetbyname.c 12 Nov 2005 03:06:29 -0000 1.17 +++ openbsd-compat/getrrsetbyname.c 1 May 2006 00:41:21 -0000 @@ -60,7 +60,10 @@ extern int h_errno; # undef _THREAD_PRIVATE #endif #define _THREAD_PRIVATE(a,b,c) (c) + +#ifndef HAVE__RES_EXTERN struct __res_state _res; +#endif /* Necessary functions and macros */ -- Darren Tucker (dtucker at zip.com.au) GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69 Good judgement comes with experience. Unfortunately, the experience usually comes from bad judgement.
Rick Jones
2006-May-02 00:15 UTC
OpenSSH DNS resolution failure on IRIX 5.3: request to fix
I cannot speak to the specifics of this situation, but my past experience with netperf DNS tests and trying to use _res directly was: "There be dragons there!" And IIRC I try not to do that in netperf4. Different platforms may handle _res differently depending on the app being threaded or not, etc. Some platforms may have resolver libraries based on particularly old versions of BIND. So, I would wonder the purpose to which _res was being accessed directly and ask if perhaps there might be a different way to serve that purpose. rick jones