From: osman@surkatty.org
To: ruby-core@ruby-lang.org
Subject: [ruby-core:72446] [Ruby trunk - Bug #11864] [Open] Resolv incorrectly accepts invalid hostnames and caches records between sessions
Date: Wed, 23 Dec 2015 01:37:23 +0000 [thread overview]
Message-ID: <redmine.issue-11864.20151223013723.01955f67a2fe0d43@ruby-lang.org> (raw)
In-Reply-To: redmine.issue-11864.20151223013723@ruby-lang.org
Issue #11864 has been reported by Osman Surkatty.
----------------------------------------
Bug #11864: Resolv incorrectly accepts invalid hostnames and caches records between sessions
https://bugs.ruby-lang.org/issues/11864
* Author: Osman Surkatty
* Status: Open
* Priority: Normal
* Assignee:
* ruby -v: ruby 2.2.3p173 (2015-08-18 revision 51636) [x86_64-darwin14]
* Backport: 2.0.0: UNKNOWN, 2.1: UNKNOWN, 2.2: UNKNOWN
----------------------------------------
Hello,
While working on a DNS related project I noticed that Resolv's getaddresses() and getaddress() functions will incorrectly accepts an empty String and additionally returns a cached record if a new IRB session is invoked. Resolv correctly rejects nil or empty arguments, but I believe the issue here is that the validation of String should require at a minimum a single valid String character.
Here is an example of what I mean:
$ irb
irb(main):001:0> RUBY_VERSION
=> "2.2.3"
irb(main):002:0> require 'resolv'
=> true
irb(main):003:0> Resolv.getaddresses("surkatty.org")
=> ["54.244.9.126"]
irb(main):004:0> Resolv.getaddresses("example.com")
=> ["93.184.216.34"]
irb(main):005:0> Resolv.getaddresses("NX")
=> []
irb(main):006:0> Resolv.getaddresses("")
=> ["54.244.9.126"]
irb(main):007:0> Resolv.getaddresses()
ArgumentError: wrong number of arguments (0 for 1)
from /usr/local/Cellar/ruby/2.2.3/lib/ruby/2.2.0/resolv.rb:48:in `getaddresses'
from (irb):7
from /usr/local/bin/irb:11:in `<main>'
irb(main):008:0>
On line 006:0, I would have expected Resolv.getaddresses("") to return either:
1. Raise an ArgumentError or some other indicating an invalid String was passed
2. Return an empty Array
I've also attached a screenshot from my commandline showing the output between IRB sessions as well.
---Files--------------------------------
dns.png (71.5 KB)
--
https://bugs.ruby-lang.org/
next parent reply other threads:[~2015-12-23 1:05 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <redmine.issue-11864.20151223013723@ruby-lang.org>
2015-12-23 1:37 ` osman [this message]
2015-12-23 1:41 ` [ruby-core:72447] [Ruby trunk - Bug #11864] Resolv incorrectly accepts invalid hostnames and caches records between sessions osman
2015-12-23 3:11 ` [ruby-core:72449] [Ruby trunk - Bug #11864] [Third Party's Issue] " nobu
2015-12-23 3:15 ` [ruby-core:72451] [Ruby trunk - Bug #11864] " nobu
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-list from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://www.ruby-lang.org/en/community/mailing-lists/
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=redmine.issue-11864.20151223013723.01955f67a2fe0d43@ruby-lang.org \
--to=ruby-core@ruby-lang.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).