From 520d0eab98daf2bbdeeb229a3fd3484d6356c48d Mon Sep 17 00:00:00 2001 From: wiz Date: Thu, 28 Aug 2003 09:39:11 +0000 Subject: [PATCH] Bump date for CAVEATS; fix punctuation usage in one place; drop trailing space; use \*[Am] instead of & for HTML generation. --- lib/libc/net/getnameinfo.3 | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/lib/libc/net/getnameinfo.3 b/lib/libc/net/getnameinfo.3 index e6f8bad242f8..1393f32e862e 100644 --- a/lib/libc/net/getnameinfo.3 +++ b/lib/libc/net/getnameinfo.3 @@ -1,4 +1,4 @@ -.\" $NetBSD: getnameinfo.3,v 1.27 2003/08/28 01:49:30 itojun Exp $ +.\" $NetBSD: getnameinfo.3,v 1.28 2003/08/28 09:39:11 wiz Exp $ .\" $KAME: getnameinfo.3,v 1.27 2003/04/30 06:06:42 itojun Exp $ .\" .\" Copyright (c) 1983, 1987, 1991, 1993 @@ -30,7 +30,7 @@ .\" .\" From: @(#)gethostbyname.3 8.4 (Berkeley) 5/25/95 .\" -.Dd May 25, 1995 +.Dd August 28, 2003 .Dt GETNAMEINFO 3 .Os .\" @@ -295,8 +295,8 @@ returns both numeric and FQDN notation of the address specified in There is no return value that indicates if the string returned in .Fa host is a result of binary to numeric-text translation (like -.Xr inet_ntop 3 -), or the result of DNS reverse lookup. +.Xr inet_ntop 3 ) , +or the result of DNS reverse lookup. Therefore, malicious parties could set up PTR record like below: .Bd -literal -offset indent 1.0.0.127.in-addr.arpa. IN PTR 10.1.1.1 @@ -311,7 +311,7 @@ is when it actually is .Li 127.0.0.1 . .Pp -To prevent such attacks, the use of +To prevent such attacks, the use of .Li NI_NAMEREQD like below is recommended when you use the result of .Nm @@ -326,10 +326,10 @@ int error; error = getnameinfo(sa, salen, addr, sizeof(addr), NULL, 0, NI_NAMEREQD); if (error == 0) { - memset(&hints, 0, sizeof(hints)); + memset(\*[Am]hints, 0, sizeof(hints)); hints.ai_socktype = SOCK_DGRAM; /*dummy*/ hints.ai_flags = AI_NUMERICHOST; - if (getaddrinfo(addr, "0", &hints, &res) == 0) { + if (getaddrinfo(addr, "0", \*[Am]hints, \*[Am]res) == 0) { /* malicious PTR record */ freeaddrinfo(res); printf("bogus PTR record\\n");