
Bug#629899: apache2: apr_sockaddr_info_get() failed / Could not reliably determine the server's FQDN



retitle 629899 ap_get_local_host is broken (can't always determine the server's FQDN)
severity 629899 important
thanks

with potential security implications (depending on what Apache does
with the FQDN).

After reading the source, it appears that the ap_get_local_host
function in server/util.c is broken: it uses apr_sockaddr_info_get
to get the FQDN (thus does a network access) instead of using
gethostbyname (possibly an APR limitation); if gethostbyname is
not available on some systems, Apache could still use the current
method.

On my machine, the FQDN is specified via /etc/hosts, thus doesn't
depend on the network being set up. For instance, here we apparently
have dynamic DNS set-up, so that resolving the host name during the
boot via the DNS system may fail because the request is done too
early after the DHCP client has started.

Moreover, from a security point of view, it is a bad idea to use the
DNS system when the FQDN is defined locally, because the DNS system
may give incorrect information (e.g. when connecting via a public
access point).

-- 
Vincent Lefèvre <vincent@vinc17.net> - Web: <http://www.vinc17.net/>
100% accessible validated (X)HTML - Blog: <http://www.vinc17.net/blog/>
Work: CR INRIA - computer arithmetic / Arénaire project (LIP, ENS-Lyon)
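
A files-only lookup of the kind discussed in the message above, as an added example (not Apache's code and not part of the original message): it reads the canonical name for a host out of hosts(5)-format text without calling any resolver, so the answer cannot be influenced by DNS. The function name `hosts_canonical_name` and the sample data are constructed for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Case-insensitive match of an n-byte token against a host name. */
static int name_eq(const char *tok, size_t n, const char *host)
{
    if (strlen(host) != n) return 0;
    for (size_t i = 0; i < n; i++)
        if (tolower((unsigned char)tok[i]) != tolower((unsigned char)host[i]))
            return 0;
    return 1;
}

/* Find `host` in hosts(5)-format text; return a pointer to that line's
 * canonical name (first name after the address) and store its length in *len.
 * Returns NULL if no line names the host. No resolver or DNS is involved. */
const char *hosts_canonical_name(const char *text, const char *host, size_t *len)
{
    while (*text) {
        const char *p = text, *stop = text + strcspn(text, "#\n");
        const char *canon = NULL; size_t canon_len = 0;
        for (int field = 0; p < stop; field++) {
            p += strspn(p, " \t\r");             /* skip separators */
            if (p >= stop) break;
            size_t n = strcspn(p, " \t\r#\n");   /* token length */
            if (field == 1) { canon = p; canon_len = n; }
            if (field >= 1 && name_eq(p, n, host)) { *len = canon_len; return canon; }
            p += n;
        }
        text += strcspn(text, "\n");             /* advance to next line */
        if (*text == '\n') text++;
    }
    return NULL;
}

/* Constructed sample in /etc/hosts format; names and addresses are made up. */
static const char SAMPLE_HOSTS[] =
    "127.0.0.1\tlocalhost\n"
    "127.0.1.1\tweb01.example.org web01   # FQDN first, short name as alias\n"
    "192.0.2.10  db.example.org db\n";

int main(void)
{
    size_t n;
    const char *fqdn = hosts_canonical_name(SAMPLE_HOSTS, "web01", &n);
    if (fqdn) printf("%.*s\n", (int)n, fqdn);
    return 0;
}
```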


