Bugzilla – Attachment 2413 Details for
Bug 2205
-S does hostname lookup although it is unused
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
Avoid early hostname lookup when hostname canonicalisation is not enabled
delay-hostname-lookup-for-no-canonicalisation.diff (text/plain), 2.05 KB, created by
Damien Miller
on 2014-02-26 10:48:14 AEDT
(
hide
)
Description:
Avoid early hostname lookup when hostname canonicalisation is not enabled
Filename:
MIME Type:
Creator:
Damien Miller
Created:
2014-02-26 10:48:14 AEDT
Size:
2.05 KB
patch
obsolete
>Index: ssh.c >=================================================================== >RCS file: /cvs/src/usr.bin/ssh/ssh.c,v >retrieving revision 1.400 >diff -u -p -r1.400 ssh.c >--- ssh.c 23 Feb 2014 20:11:36 -0000 1.400 >+++ ssh.c 25 Feb 2014 23:47:30 -0000 >@@ -871,12 +871,20 @@ main(int ac, char **av) > addrs = resolve_canonicalize(&host, options.port); > > /* >- * If canonicalization not requested, or if it failed then try to >- * resolve the bare hostname name using the system resolver's usual >- * search rules. Skip the lookup if a ProxyCommand is being used >- * unless the user has specifically requested canonicalisation. >+ * If CanonicalizePermittedCNAMEs have been specified but >+ * other canonicalization did not happen (by not being requested >+ * or by failing with fallback) then the hostname may still be changed >+ * as a result of CNAME following. >+ * >+ * Try to resolve the bare hostname name using the system resolver's >+ * usual search rules and then apply the CNAME follow rules. >+ * >+ * Skip the lookup if a ProxyCommand is being used unless the user >+ * has specifically requested canonicalisation for this case via >+ * CanonicalizeHostname=always > */ >- if (addrs == NULL && (option_clear_or_none(options.proxy_command) || >+ if (addrs == NULL && options.num_permitted_cnames != 0 && >+ (option_clear_or_none(options.proxy_command) || > options.canonicalize_hostname == SSH_CANONICALISE_ALWAYS)) { > if ((addrs = resolve_host(host, options.port, 1, > cname, sizeof(cname))) == NULL) >@@ -967,6 +975,16 @@ main(int ac, char **av) > fatal("No ControlPath specified for \"-O\" command"); > if (options.control_path != NULL) > muxclient(options.control_path); >+ >+ /* >+ * If hostname canonicalisation was not enabled, then we may not >+ * have yet resolved the hostname. Do so now. >+ */ >+ if (addrs == NULL && options.proxy_command == NULL) { >+ if ((addrs = resolve_host(host, options.port, 1, >+ cname, sizeof(cname))) == NULL) >+ cleanup_exit(255); /* resolve_host logs the error */ >+ } > > timeout_ms = options.connection_timeout * 1000; >
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=2413">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Flags:
dtucker
:
ok+
Actions:
View
|
Diff
Attachments on
bug 2205
: 2413