Bug#157693: getaddrinfo() is buggy; resolution misses fields in /etc/hosts
Package: libc6
Version: 2.2.5-11.1
Severity: important
(note: making the severity important 'cause this is a particularly
annoying bug, that should _not_ be in a "stable" Debian release).
Several people have complained that things using getaddrinfo() (telnet,
apt, curl, links, and many others) ignore the order in
/etc/nsswitch.conf, passing over hosts in /etc/hosts and instead doing a
DNS lookup via nameservers. I have traced through glibc, and discovered
that gaih_inet() appends a "." to the host when doing a lookup. Adding
the trailing dot to entries in /etc/hosts makes lookups work properly
again. What I believe is happening is:
  1. /etc/hosts is searched for foo.bar.com. (note the trailing dot);
  2. if not found, the resolver searches for foo.bar.com.;
  3. if not found, /etc/hosts is searched for foo.bar.com (note the lack
     of trailing dot);
  4. if not found, the resolver searches for foo.bar.com (appending the
     search domain from /etc/resolv.conf if there is one:
     foo.bar.com.tld.com, for example).
This is inconsistent behavior, as /etc/hosts has no notion of search
paths for domains; all aliases are usually listed after the IP (i.e.,
192.168.0.1 gateway.foo.com gateway gw gw.foo.com cerebus.foo.com).
Please let me know if I'm incorrect; glibc DNS resolution code is
horrible to try and understand..
--
Broad surveillance is a mark of bad security.
-- Bruce Schneier
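
The four-step order described in the report can be modelled over hosts-format text to show why an entry without a trailing dot is only reached after a DNS query has already gone out. This is an added example, not glibc code and not the reporter's; `hosts_match`, `first_hosts_step` and `SAMPLE_HOSTS` are hypothetical names, and the step numbers follow the reporter's hypothesis rather than a confirmed reading of gaih_inet().

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* Constructed sample: the alias line quoted in the report, no trailing dots. */
static const char SAMPLE_HOSTS[] =
    "127.0.0.1 localhost\n"
    "192.168.0.1 gateway.foo.com gateway gw gw.foo.com cerebus.foo.com\n";

/* Exact, case-insensitive match of `name` against every hostname/alias token
 * in hosts-format text. Returns 1 and copies the address on a hit, else 0. */
int hosts_match(const char *hosts, const char *name, char *ip, size_t iplen)
{
    char line[512];
    while (*hosts) {
        size_t n = strcspn(hosts, "\n");
        snprintf(line, sizeof line, "%.*s", (int)n, hosts);
        hosts += n + (hosts[n] == '\n');
        line[strcspn(line, "#")] = '\0';            /* strip comments */
        char *save, *addr = strtok_r(line, " \t\r", &save);
        if (!addr) continue;                        /* blank or comment-only line */
        for (char *t; (t = strtok_r(NULL, " \t\r", &save)) != NULL; )
            if (strcasecmp(t, name) == 0) {
                snprintf(ip, iplen, "%s", addr);
                return 1;
            }
    }
    return 0;
}

/* Which step of the reported order first hits the hosts data: 1 = "name." found,
 * 3 = "name" found (after the step-2 DNS query), 0 = hosts never answers. */
int first_hosts_step(const char *hosts, const char *name, char *ip, size_t iplen)
{
    char dotted[256];
    snprintf(dotted, sizeof dotted, "%s.", name);   /* the appended "." */
    if (hosts_match(hosts, dotted, ip, iplen)) return 1;
    if (hosts_match(hosts, name, ip, iplen)) return 3;
    return 0;
}

int main(void)
{
    char ip[64] = "";
    int step = first_hosts_step(SAMPLE_HOSTS, "gateway.foo.com", ip, sizeof ip);
    printf("gateway.foo.com: hosts hit at step %d (%s)\n", step, ip);
    return step == 3 ? 0 : 1;
}
```

Under the reported order, a result of 3 means a name pinned in /etc/hosts was first sent to the nameservers, so a DNS answer can take precedence over the local entry.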