* [ruby-core:72446] [Ruby trunk - Bug #11864] [Open] Resolv incorrectly accepts invalid hostnames and caches records between sessions
[not found] <redmine.issue-11864.20151223013723@ruby-lang.org>
@ 2015-12-23 1:37 ` osman
2015-12-23 1:41 ` [ruby-core:72447] [Ruby trunk - Bug #11864] " osman
` (2 subsequent siblings)
3 siblings, 0 replies; 4+ messages in thread
From: osman @ 2015-12-23 1:37 UTC (permalink / raw)
To: ruby-core
Issue #11864 has been reported by Osman Surkatty.
----------------------------------------
Bug #11864: Resolv incorrectly accepts invalid hostnames and caches records between sessions
https://bugs.ruby-lang.org/issues/11864
* Author: Osman Surkatty
* Status: Open
* Priority: Normal
* Assignee:
* ruby -v: ruby 2.2.3p173 (2015-08-18 revision 51636) [x86_64-darwin14]
* Backport: 2.0.0: UNKNOWN, 2.1: UNKNOWN, 2.2: UNKNOWN
----------------------------------------
Hello,
While working on a DNS related project I noticed that Resolv's getaddresses() and getaddress() functions will incorrectly accepts an empty String and additionally returns a cached record if a new IRB session is invoked. Resolv correctly rejects nil or empty arguments, but I believe the issue here is that the validation of String should require at a minimum a single valid String character.
Here is an example of what I mean:
$ irb
irb(main):001:0> RUBY_VERSION
=> "2.2.3"
irb(main):002:0> require 'resolv'
=> true
irb(main):003:0> Resolv.getaddresses("surkatty.org")
=> ["54.244.9.126"]
irb(main):004:0> Resolv.getaddresses("example.com")
=> ["93.184.216.34"]
irb(main):005:0> Resolv.getaddresses("NX")
=> []
irb(main):006:0> Resolv.getaddresses("")
=> ["54.244.9.126"]
irb(main):007:0> Resolv.getaddresses()
ArgumentError: wrong number of arguments (0 for 1)
from /usr/local/Cellar/ruby/2.2.3/lib/ruby/2.2.0/resolv.rb:48:in `getaddresses'
from (irb):7
from /usr/local/bin/irb:11:in `<main>'
irb(main):008:0>
On line 006:0, I would have expected Resolv.getaddresses("") to return either:
1. Raise an ArgumentError or some other indicating an invalid String was passed
2. Return an empty Array
I've also attached a screenshot from my commandline showing the output between IRB sessions as well.
---Files--------------------------------
dns.png (71.5 KB)
--
https://bugs.ruby-lang.org/
^ permalink raw reply [flat|nested] 4+ messages in thread
* [ruby-core:72447] [Ruby trunk - Bug #11864] Resolv incorrectly accepts invalid hostnames and caches records between sessions
[not found] <redmine.issue-11864.20151223013723@ruby-lang.org>
2015-12-23 1:37 ` [ruby-core:72446] [Ruby trunk - Bug #11864] [Open] Resolv incorrectly accepts invalid hostnames and caches records between sessions osman
@ 2015-12-23 1:41 ` osman
2015-12-23 3:11 ` [ruby-core:72449] [Ruby trunk - Bug #11864] [Third Party's Issue] " nobu
2015-12-23 3:15 ` [ruby-core:72451] [Ruby trunk - Bug #11864] " nobu
3 siblings, 0 replies; 4+ messages in thread
From: osman @ 2015-12-23 1:41 UTC (permalink / raw)
To: ruby-core
Issue #11864 has been updated by Osman Surkatty.
Assignee set to Akira Tanaka
Assigning directly to Akira Tanaka, the Resolv maintainer per https://bugs.ruby-lang.org/projects/ruby/wiki/MaintainersStdlib
----------------------------------------
Bug #11864: Resolv incorrectly accepts invalid hostnames and caches records between sessions
https://bugs.ruby-lang.org/issues/11864#change-55741
* Author: Osman Surkatty
* Status: Open
* Priority: Normal
* Assignee: Akira Tanaka
* ruby -v: ruby 2.2.3p173 (2015-08-18 revision 51636) [x86_64-darwin14]
* Backport: 2.0.0: UNKNOWN, 2.1: UNKNOWN, 2.2: UNKNOWN
----------------------------------------
Hello,
While working on a DNS related project I noticed that Resolv's getaddresses() and getaddress() functions will incorrectly accepts an empty String and additionally returns a cached record if a new IRB session is invoked. Resolv correctly rejects nil or empty arguments, but I believe the issue here is that the validation of String should require at a minimum a single valid String character.
Here is an example of what I mean:
$ irb
irb(main):001:0> RUBY_VERSION
=> "2.2.3"
irb(main):002:0> require 'resolv'
=> true
irb(main):003:0> Resolv.getaddresses("surkatty.org")
=> ["54.244.9.126"]
irb(main):004:0> Resolv.getaddresses("example.com")
=> ["93.184.216.34"]
irb(main):005:0> Resolv.getaddresses("NX")
=> []
irb(main):006:0> Resolv.getaddresses("")
=> ["54.244.9.126"]
irb(main):007:0> Resolv.getaddresses()
ArgumentError: wrong number of arguments (0 for 1)
from /usr/local/Cellar/ruby/2.2.3/lib/ruby/2.2.0/resolv.rb:48:in `getaddresses'
from (irb):7
from /usr/local/bin/irb:11:in `<main>'
irb(main):008:0>
On line 006:0, I would have expected Resolv.getaddresses("") to return either:
1. Raise an ArgumentError or some other indicating an invalid String was passed
2. Return an empty Array
I've also attached a screenshot from my commandline showing the output between IRB sessions as well.
---Files--------------------------------
dns.png (71.5 KB)
--
https://bugs.ruby-lang.org/
^ permalink raw reply [flat|nested] 4+ messages in thread
* [ruby-core:72449] [Ruby trunk - Bug #11864] [Third Party's Issue] Resolv incorrectly accepts invalid hostnames and caches records between sessions
[not found] <redmine.issue-11864.20151223013723@ruby-lang.org>
2015-12-23 1:37 ` [ruby-core:72446] [Ruby trunk - Bug #11864] [Open] Resolv incorrectly accepts invalid hostnames and caches records between sessions osman
2015-12-23 1:41 ` [ruby-core:72447] [Ruby trunk - Bug #11864] " osman
@ 2015-12-23 3:11 ` nobu
2015-12-23 3:15 ` [ruby-core:72451] [Ruby trunk - Bug #11864] " nobu
3 siblings, 0 replies; 4+ messages in thread
From: nobu @ 2015-12-23 3:11 UTC (permalink / raw)
To: ruby-core
Issue #11864 has been updated by Nobuyoshi Nakada.
Description updated
Status changed from Open to Third Party's Issue
Assignee deleted (Akira Tanaka)
It returned an empty list for an empty name on Darwin 15, but returned a random list on Darwin 14.
Seems a bug of OS X 10.10.
You may want to request Apple to backport the fix.
----------------------------------------
Bug #11864: Resolv incorrectly accepts invalid hostnames and caches records between sessions
https://bugs.ruby-lang.org/issues/11864#change-55742
* Author: Osman Surkatty
* Status: Third Party's Issue
* Priority: Normal
* Assignee:
* ruby -v: ruby 2.2.3p173 (2015-08-18 revision 51636) [x86_64-darwin14]
* Backport: 2.0.0: UNKNOWN, 2.1: UNKNOWN, 2.2: UNKNOWN
----------------------------------------
Hello,
While working on a DNS related project I noticed that Resolv's `getaddresses()` and `getaddress()` functions will incorrectly accepts an empty `String` and additionally returns a cached record if a new IRB session is invoked. `Resolv` correctly rejects nil or empty arguments, but I believe the issue here is that the validation of `String` should require at a minimum a single valid String character.
Here is an example of what I mean:
~~~ruby
$ irb
irb(main):001:0> RUBY_VERSION
=> "2.2.3"
irb(main):002:0> require 'resolv'
=> true
irb(main):003:0> Resolv.getaddresses("surkatty.org")
=> ["54.244.9.126"]
irb(main):004:0> Resolv.getaddresses("example.com")
=> ["93.184.216.34"]
irb(main):005:0> Resolv.getaddresses("NX")
=> []
irb(main):006:0> Resolv.getaddresses("")
=> ["54.244.9.126"]
irb(main):007:0> Resolv.getaddresses()
ArgumentError: wrong number of arguments (0 for 1)
from /usr/local/Cellar/ruby/2.2.3/lib/ruby/2.2.0/resolv.rb:48:in `getaddresses'
from (irb):7
from /usr/local/bin/irb:11:in `<main>'
irb(main):008:0>
~~~
On line 006:0, I would have expected `Resolv.getaddresses("")` to return either:
1. Raise an `ArgumentError` or some other indicating an invalid `String` was passed
2. Return an empty `Array`
I've also attached a screenshot from my commandline showing the output between IRB sessions as well.
---Files--------------------------------
dns.png (71.5 KB)
--
https://bugs.ruby-lang.org/
^ permalink raw reply [flat|nested] 4+ messages in thread
* [ruby-core:72451] [Ruby trunk - Bug #11864] Resolv incorrectly accepts invalid hostnames and caches records between sessions
[not found] <redmine.issue-11864.20151223013723@ruby-lang.org>
` (2 preceding siblings ...)
2015-12-23 3:11 ` [ruby-core:72449] [Ruby trunk - Bug #11864] [Third Party's Issue] " nobu
@ 2015-12-23 3:15 ` nobu
3 siblings, 0 replies; 4+ messages in thread
From: nobu @ 2015-12-23 3:15 UTC (permalink / raw)
To: ruby-core
Issue #11864 has been updated by Nobuyoshi Nakada.
Correction.
The previous result was when VPN is connected, and the answer seemed a list of private addresses over VPN.
After disconnecting the VPN, an empty list returned.
I'm not sure if this is your case, however, check your network environment.
----------------------------------------
Bug #11864: Resolv incorrectly accepts invalid hostnames and caches records between sessions
https://bugs.ruby-lang.org/issues/11864#change-55743
* Author: Osman Surkatty
* Status: Third Party's Issue
* Priority: Normal
* Assignee:
* ruby -v: ruby 2.2.3p173 (2015-08-18 revision 51636) [x86_64-darwin14]
* Backport: 2.0.0: UNKNOWN, 2.1: UNKNOWN, 2.2: UNKNOWN
----------------------------------------
Hello,
While working on a DNS related project I noticed that Resolv's `getaddresses()` and `getaddress()` functions will incorrectly accepts an empty `String` and additionally returns a cached record if a new IRB session is invoked. `Resolv` correctly rejects nil or empty arguments, but I believe the issue here is that the validation of `String` should require at a minimum a single valid String character.
Here is an example of what I mean:
~~~ruby
$ irb
irb(main):001:0> RUBY_VERSION
=> "2.2.3"
irb(main):002:0> require 'resolv'
=> true
irb(main):003:0> Resolv.getaddresses("surkatty.org")
=> ["54.244.9.126"]
irb(main):004:0> Resolv.getaddresses("example.com")
=> ["93.184.216.34"]
irb(main):005:0> Resolv.getaddresses("NX")
=> []
irb(main):006:0> Resolv.getaddresses("")
=> ["54.244.9.126"]
irb(main):007:0> Resolv.getaddresses()
ArgumentError: wrong number of arguments (0 for 1)
from /usr/local/Cellar/ruby/2.2.3/lib/ruby/2.2.0/resolv.rb:48:in `getaddresses'
from (irb):7
from /usr/local/bin/irb:11:in `<main>'
irb(main):008:0>
~~~
On line 006:0, I would have expected `Resolv.getaddresses("")` to return either:
1. Raise an `ArgumentError` or some other indicating an invalid `String` was passed
2. Return an empty `Array`
I've also attached a screenshot from my commandline showing the output between IRB sessions as well.
---Files--------------------------------
dns.png (71.5 KB)
--
https://bugs.ruby-lang.org/
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2015-12-23 2:42 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
[not found] <redmine.issue-11864.20151223013723@ruby-lang.org>
2015-12-23 1:37 ` [ruby-core:72446] [Ruby trunk - Bug #11864] [Open] Resolv incorrectly accepts invalid hostnames and caches records between sessions osman
2015-12-23 1:41 ` [ruby-core:72447] [Ruby trunk - Bug #11864] " osman
2015-12-23 3:11 ` [ruby-core:72449] [Ruby trunk - Bug #11864] [Third Party's Issue] " nobu
2015-12-23 3:15 ` [ruby-core:72451] [Ruby trunk - Bug #11864] " nobu
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).