[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#64192: libc6: getaddrinfo bug

Package: libc6
Version: 2.1.3-10
Severity: normal

It seems there is something very wrong with the getaddrinfo function. Here 
is a test program,

#include <netdb.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>

int main(int argc,const char *argv[])
   struct addrinfo *HostAddr = 0;
   struct addrinfo Hints;
   char Name[NI_MAXHOST];
   Hints.ai_socktype = SOCK_STREAM;
   Hints.ai_protocol = IPPROTO_TCP;

   printf("getaddrinfo = %i\n",getaddrinfo(argv[1],"http",&Hints,&HostAddr));

   Name[0] = 0;
               printf("Name: %s\n",Name);
   return 0;
To show what is happening I have turned on the query log on my local 

I also have this in /etc/resolv.conf:
domain deltatee.com
search deltatee.com debian.org priv.deltatee.com dyn.deltatee.com

[The search line is important to the problem at hand]

If the program above is exectued as:

$ /tmp/test samosa.debian.org
[multi-min pause]

Watching the query log from bind shows up this information:

May 15 23:50:31 wakko named[11491]: XX+/
May 15 23:50:31 wakko named[11491]: XX+/
May 15 23:50:31 wakko named[11491]: XX+/
May 15 23:50:31 wakko named[11491]: XX+/
May 15 23:50:46 wakko last message repeated 2 times
May 15 23:51:06 wakko named[11491]: XX+/
May 15 23:51:46 wakko named[11491]: XX+/
May 15 23:52:21 wakko last message repeated 3 times
May 15 23:52:42 wakko named[11491]: XX+/

Notice that libc asks bind to resolve all the possible AAAA combinations and
then starts trying the A possibilities. It seems to me that this is very
counter intuitive, it may even be a security risk!

The above is done without doing anything 'evil'. For me it is a really nasty
problem because priv.deltatee.com and dyn.deltatee.com have firewalled name 
servers I cannot communicate with [their resolutions all time out when my IP
tunnel is not active]. This effectively crippled all programs using
getaddrinfo for resolution since it takes about 1.5 mins to get a response.

However, that is minor compared to this problem, which is actually a serious
bug. I control the deltatee.com domain, and have done this:

$ host -a samosa.debian.org.deltatee.com
samosa.debian.org.deltatee.com  AAAA    3FFE:600:8000:8:0:0:0:32


Wakko{root}~/work/apt/build/bin#/tmp/a.out samosa.debian.org
getaddrinfo = 0
Name: 3ffe:600:8000:8::32


I have managed to redirect all queries for samosa.debian.org to my IPv6

This is certainly a bug, the resolver library should try to find AAAA
records for samosa.debian.org, then A records. An order like this:
samosa.debian.org AAAA?
samosa.debian.org A?
samosa.debian.org.deltatee.com AAAA?
samosa.debian.org.deltatee.com A?
samosa.debian.org.priv.deltatee.com AAAA?
samosa.debian.org.priv.deltatee.com A?

And not like this:
samosa.debian.org AAAA?
samosa.debian.org.deltatee.com AAAA?
samosa.debian.org.priv.deltatee.com AAAA?
samosa.debian.org A?
samosa.debian.org.deltatee.com A?
samosa.debian.org.priv.deltatee.com A?


Reply to: