[fpc-pascal] CRITICAL Bug in Lnet DNSLookup failure problem

Mark Morgan Lloyd markMLl.fpc-pascal at telemetry.co.uk
Thu Nov 28 10:55:18 CET 2013


Dennis Poon wrote:
> when using lnet to connect to a remote server at DomainName : Port e.g. 
> yahoo.com   : 80
> in file lCommon.pp line 492:
> function StrToNetAddr(const IP : String) : Sockets.in_addr;inline;
> begin
>   result := Sockets.StrToNetAddr(IP);
> end;
> 
> 
> The above function did not raise an exception when the IP parameter is a 
> null string, which is the return value of a failed DNSlookup of a domain 
> name.

You shouldn't be looking up a /domain/ name, you should be looking up a 
/host/ name. If this fails then you should be looking more closely at 
the parameter, e.g. it might refer to a host which doesn't exist or it 
might refer to a local host which needs to be qualified by the local 
domain name.

> The consequence is grave!
> When the DNS lookup fails, it returns a null IP string which the 
> StrToNetAddr converts to the 0.0.0.0 IPv4.sin_Addr structure without 
> raising any exception.  If the local computer happens to have a port 
> listening at port 80, it just connects to the port 80 of the local 
> machine whenever the DNS lookup of the target domain fails!!!
> 
> From past experience, the lnet author no longer responds to any 
> bug report,

I must say that that is not my experience. I've previously raised lnet 
issues and contributed patches via Mantis, and found the response both 
prompt and enthusiastic.

>             I am only mentioning this bug here so that other lnet users 
> won't have to find out this bug the hard way (3 days of looking for bug 
> in the wrong places) like I did.
> 
> The fix is simple, so I will modify the code myself but just hope every 
> new user of lnet can apply this fix before they use lnet.

If I understand things correctly, 0.0.0.0 is a reserved network (as 
distinct from host) address so there is no circumstance in which you 
should be attempting to connect to it. Your local system (localhost) is 
normally 127.0.0.1; depending on the subnet mask, 0.0.0.0 could be 
interpreted as "the Class A network" or "the entire Internet".

So to summarise, in my opinion at least the 0.0.0.0 is a valid return, 
and you should be looking more carefully at intermediate values and, in 
particular, validating parameters fed to the program by the user.

-- 
Mark Morgan Lloyd
markMLl .AT. telemetry.co .DOT. uk

[Opinions above are the author's, not those of his employers or colleagues]
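
The failure mode discussed in this thread, as an added example that is not part of the original messages and is not lnet code: a caller-side guard that refuses an empty lookup result or a 0.0.0.0 conversion before any connect is attempted. CheckedStrToNetAddr, EAddrError and TryAddr are hypothetical names, and the sample inputs are constructed.

```pascal
program SafeAddrDemo;
{$mode objfpc}{$H+}

uses
  SysUtils, Sockets;

type
  { Hypothetical exception type for this example }
  EAddrError = class(Exception);

{ Hypothetical wrapper (not part of lnet): convert a dotted-quad string to
  in_addr, but refuse the values that a failed name lookup produces. }
function CheckedStrToNetAddr(const IP: String): Sockets.in_addr;
begin
  { A failed lookup hands back an empty string, as reported in the thread. }
  if Trim(IP) = '' then
    raise EAddrError.Create('empty address (name resolution failed?)');
  Result := Sockets.StrToNetAddr(IP);
  { An all-zero result means the input was unparsable or literally 0.0.0.0;
    neither is a usable connect target, so both are rejected here. }
  if Result.s_addr = 0 then
    raise EAddrError.CreateFmt('"%s" is not a usable IPv4 address', [IP]);
end;

{ Run one input through the guard and report what the caller would see. }
procedure TryAddr(const IP: String);
var
  A: Sockets.in_addr;
begin
  try
    A := CheckedStrToNetAddr(IP);
    WriteLn('ok      "', IP, '" -> ', NetAddrToStr(A));
  except
    on E: EAddrError do
      WriteLn('refused "', IP, '": ', E.Message);
  end;
end;

begin
  { Constructed sample inputs }
  TryAddr('192.0.2.10');  { documentation-range address, accepted }
  TryAddr('');            { what a failed lookup returns }
  TryAddr('0.0.0.0');     { explicit unspecified address }
  TryAddr('not-an-ip');   { host name passed where an IP is expected }
end.
```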


