diff options
Diffstat (limited to 'crypto/openssh/dns.c')
| -rw-r--r-- | crypto/openssh/dns.c | 15 |
1 files changed, 12 insertions, 3 deletions
diff --git a/crypto/openssh/dns.c b/crypto/openssh/dns.c index 92623de..a7da03f 100644 --- a/crypto/openssh/dns.c +++ b/crypto/openssh/dns.c @@ -1,4 +1,4 @@ -/* $OpenBSD: dns.c,v 1.23 2006/08/03 03:34:42 deraadt Exp $ */ +/* $OpenBSD: dns.c,v 1.25 2008/06/12 00:03:49 dtucker Exp $ */ /* * Copyright (c) 2003 Wesley Griffin. All rights reserved. @@ -145,11 +145,20 @@ is_numeric_hostname(const char *hostname) { struct addrinfo hints, *ai; + /* + * We shouldn't ever get a null host but if we do then log an error + * and return -1 which stops DNS key fingerprint processing. + */ + if (hostname == NULL) { + error("is_numeric_hostname called with NULL hostname"); + return -1; + } + memset(&hints, 0, sizeof(hints)); hints.ai_socktype = SOCK_DGRAM; hints.ai_flags = AI_NUMERICHOST; - if (getaddrinfo(hostname, "0", &hints, &ai) == 0) { + if (getaddrinfo(hostname, NULL, &hints, &ai) == 0) { freeaddrinfo(ai); return -1; } @@ -217,7 +226,7 @@ verify_host_key_dns(const char *hostname, struct sockaddr *address, if (fingerprints->rri_nrdatas) *flags |= DNS_VERIFY_FOUND; - for (counter = 0; counter < fingerprints->rri_nrdatas; counter++) { + for (counter = 0; counter < fingerprints->rri_nrdatas; counter++) { /* * Extract the key from the answer. Ignore any badly * formatted fingerprints. |
