From f051c364715e812a151147918fc5137f17b0bb1b Mon Sep 17 00:00:00 2001
From: Taylor R Campbell <campbell+heimdal@mumble.net>
Date: Wed, 10 Jan 2024 01:20:02 +0000
Subject: [PATCH] Pass NI_NUMERICSERV|NI_NUMERICSCOPE if NI_NUMERICHOST to
 getnameinfo.

This addresses part of https://github.com/heimdal/heimdal/issues/1214
to audit potential network leaks with [libdefaults] block_dns = yes.

NI_NUMERICHOST is _probably_ sufficient -- we probably won't see many
systems using NIS to look up service names by number if we fail to
specify NI_NUMERICSERV, and such systems probably require careful
auditing of their own.  And I don't know of any way NI_NUMERICSCOPE
could trigger network leaks.  But named scope ids are such a niche
option with IPv6 that setting it to forestall concerns can't hurt
much, and it makes reviewing easier if we just unconditionally flip
on all the numeric-only options.
---
 appl/gssmask/gssmask.c   | 2 +-
 lib/kadm5/ipropd_slave.c | 3 ++-
 lib/krb5/krbhst.c        | 2 +-
 lib/krb5/send_to_kdc.c   | 3 ++-
 4 files changed, 6 insertions(+), 4 deletions(-)

diff --git a/appl/gssmask/gssmask.c b/appl/gssmask/gssmask.c
index 86a671301..c27e885b5 100644
--- a/appl/gssmask/gssmask.c
+++ b/appl/gssmask/gssmask.c
@@ -1117,7 +1117,7 @@ create_client(krb5_socket_t sock, int port, const char *moniker)
 
 	getnameinfo((struct sockaddr *)&c->sa, c->salen,
 		    c->servername, sizeof(c->servername),
-		    NULL, 0, NI_NUMERICHOST);
+		    NULL, 0, NI_NUMERICHOST|NI_NUMERICSERV|NI_NUMERICSCOPE);
     }
 
     c->sock = krb5_storage_from_socket(sock);
diff --git a/lib/kadm5/ipropd_slave.c b/lib/kadm5/ipropd_slave.c
index e7c16fe99..2971e7ce4 100644
--- a/lib/kadm5/ipropd_slave.c
+++ b/lib/kadm5/ipropd_slave.c
@@ -85,7 +85,8 @@ connect_to_master (krb5_context context, const char *master,
     for (a = ai; a != NULL; a = a->ai_next) {
 	char node[NI_MAXHOST];
 	error = getnameinfo(a->ai_addr, a->ai_addrlen,
-			    node, sizeof(node), NULL, 0, NI_NUMERICHOST);
+			    node, sizeof(node), NULL, 0,
+			    NI_NUMERICHOST|NI_NUMERICSERV|NI_NUMERICSCOPE);
 	if (error)
 	    strlcpy(node, "[unknown-addr]", sizeof(node));
 
diff --git a/lib/krb5/krbhst.c b/lib/krb5/krbhst.c
index 75a3d1f15..cc1b9a40e 100644
--- a/lib/krb5/krbhst.c
+++ b/lib/krb5/krbhst.c
@@ -656,7 +656,7 @@ add_locate(void *ctx, int type, struct sockaddr *addr)
     portnum = socket_get_port(addr);
 
     ret = getnameinfo(addr, socklen, host, sizeof(host), port, sizeof(port),
-		      NI_NUMERICHOST|NI_NUMERICSERV);
+		      NI_NUMERICHOST|NI_NUMERICSERV|NI_NUMERICSCOPE);
     if (ret != 0)
 	return 0;
 
diff --git a/lib/krb5/send_to_kdc.c b/lib/krb5/send_to_kdc.c
index 8258330c4..fdf216cae 100644
--- a/lib/krb5/send_to_kdc.c
+++ b/lib/krb5/send_to_kdc.c
@@ -369,7 +369,8 @@ debug_host(krb5_context context, int level, struct host *host, const char *fmt,
 	proto = "udp";
 
     if (getnameinfo(host->ai->ai_addr, host->ai->ai_addrlen,
-		    name, sizeof(name), port, sizeof(port), NI_NUMERICHOST) != 0)
+		    name, sizeof(name), port, sizeof(port),
+		    NI_NUMERICHOST|NI_NUMERICSERV|NI_NUMERICSCOPE) != 0)
 	name[0] = '\0';
 
     switch (host->state) {