e75e5492527460a74bbf4aa3d61062fa00e64c4c

This change has two parts:

1. Provide our own local implementation of numeric-only getaddrinfo in auditdns.c used to audit for DNS leaks, rather than deferring to dlsym(RTLD_NEXT, "getaddrinfo"), in terms of inet_pton. To keep review and implementation simple, this is limited to AI_NUMERICHOST _and_ AI_NUMERICSERV -- this requires that we arrange to pass AI_NUMERICSERV in callers too.

2. Wherever we implement block_dns, set AI_NUMERICSERV in addition to AI_NUMERICHOST as needed by the new auditdns.c getaddrinfo. (In principle this might also avoid other network leaks -- POSIX guarantees no name resolution service will be invoked, and gives NIS+ as an example.)

One tiny semantic change to avoid tripping over the auditor: kadmin(8) now uses the string "749" rather than the string "kerberos-adm". (Currently we don't audit kadmin(8) for DNS leaks but let's avoid leaving a rake to step on.) Every other caller I found is already guaranteed to pass a numeric service rather than named service to getaddrinfo.

fix https://github.com/heimdal/heimdal/issues/1212
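As an added example (not the code from this commit or from Heimdal's auditdns.c), the following C function shows one way to resolve only numeric host and service strings with inet_pton, refusing any call that lacks AI_NUMERICHOST or AI_NUMERICSERV. The names numeric_only_getaddrinfo and parse_port, the single-result allocation released with free(), and the rejection of a NULL host are assumptions.

```c
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <netdb.h>
#include <stdlib.h>
#include <string.h>

static long parse_port(const char *serv)
{
    char *end;
    unsigned long n;

    if (serv == NULL)
        return 0;                          /* no service: port 0 */
    n = strtoul(serv, &end, 10);           /* "749" ok, "kerberos-adm" not */
    return (*serv >= '0' && *serv <= '9' && *end == '\0' && n <= 65535) ? (long)n : -1;
}

/* Hypothetical name. On success *res is one calloc'd block: free() it. */
int numeric_only_getaddrinfo(const char *host, const char *serv,
                             const struct addrinfo *hints, struct addrinfo **res)
{
    const int need = AI_NUMERICHOST | AI_NUMERICSERV;
    struct sockaddr_in v4 = { .sin_family = AF_INET };
    struct sockaddr_in6 v6 = { .sin6_family = AF_INET6 };
    const void *sa;
    socklen_t len;
    long port = parse_port(serv);

    *res = NULL;
    if (hints == NULL || (hints->ai_flags & need) != need)
        return EAI_BADFLAGS;               /* a lookup path was left open */
    if (host == NULL || port < 0)          /* assumption: no NULL-host defaults */
        return EAI_NONAME;
    v4.sin_port = v6.sin6_port = htons((in_port_t)port);
    if (hints->ai_family != AF_INET6 && inet_pton(AF_INET, host, &v4.sin_addr) == 1) {
        sa = &v4; len = sizeof(v4);
    } else if (hints->ai_family != AF_INET && inet_pton(AF_INET6, host, &v6.sin6_addr) == 1) {
        sa = &v6; len = sizeof(v6);
    } else
        return EAI_NONAME;                 /* hostname or wrong family */
    if ((*res = calloc(1, sizeof(**res) + len)) == NULL)
        return EAI_MEMORY;
    (*res)->ai_family = ((const struct sockaddr *)sa)->sa_family;
    (*res)->ai_socktype = hints->ai_socktype;
    (*res)->ai_protocol = hints->ai_protocol;
    (*res)->ai_addrlen = len;
    (*res)->ai_addr = memcpy(*res + 1, sa, len);
    return 0;
}
```

Because the function never falls through to a system resolver, a hostname or a named service fails with an error instead of generating traffic.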
Heimdal
Heimdal is an implementation of:
- ASN.1/DER,
- PKIX, and
- Kerberos.
For information on how to install, see here.
There are man pages for most of the commands.
Bug reports and bugs are appreciated. Use GitHub issues.
For more information see the project homepage https://heimdal.software/heimdal/ or the mailing lists:
- heimdal-announce@heimdal.software: low-volume announcement
- heimdal-discuss@heimdal.software: high-volume discussion

Send mail to heimdal-announce-subscribe@heimdal.software and heimdal-discuss-subscribe@heimdal.software respectively to subscribe.