Hi tech@,

I have been noticing coredumps from telnet on my laptop for some time
now and finally found an evening to investigate it.

The typical use case:

$ telnet localhost 22
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
SSH-2.0-OpenSSH_7.2
^]
telnet> quit
Connection closed.
Abort trap (core dumped) 
$ 

Plus the following in dmesg:
telnet(67078): syscall 97 "dns"

The bug was reproducible by me both by calling quit or close in the
telnet> prompt but no one else I asked was able to reproduce it.

Rebuilding the code with debug symbols and grabbing the backtrace
revealed this fine piece of code:

                /* If this is not the full name, try to get it via DNS */
                if (strchr(hbuf, '.') == 0) {
                        struct hostent *he = gethostbyname(hbuf);
                        if (he != 0)
                                strncpy(hbuf, he->h_name, sizeof hbuf-1);
                        hbuf[sizeof hbuf-1] = '\0';
                }

Full backtrace: 
https://gist.github.com/mulander/392bce616de89830f64aaf72b9cab56d

Which was added on 12-March-98 by art@ while adding encryption support
from kth-krb (kerberos only) plus doing some tweaks for better
binary/8-bit support
(http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/telnet/commands.c#rev1.10).

The reason for entering that code path is me having a not fully
qualified name for my host. Setting up a proper name (napalm.local
instead of napalm) makes telnet happy again. Regardless, I don't see a
reason why telnet should be doing this check. Here is the rationale:

- It's not performed and required on initial run (either by running
telnet + telnet> open host port or by running telnet host port
directly)
- It breaks the pledge assumption of not needing DNS after the
  connection is established

I would like to just drop that part of code. Any OK's, comments?

Index: commands.c
===================================================================
RCS file: /cvs/src/usr.bin/telnet/commands.c,v
retrieving revision 1.83
diff -u -p -r1.83 commands.c
--- commands.c  16 Mar 2016 15:41:11 -0000      1.83
+++ commands.c  3 May 2016 00:24:51 -0000
@@ -1445,14 +1445,6 @@ env_init(void)
 
                gethostname(hbuf, sizeof hbuf);
 
-               /* If this is not the full name, try to get it via DNS */
-               if (strchr(hbuf, '.') == 0) {
-                       struct hostent *he = gethostbyname(hbuf);
-                       if (he != 0)
-                               strncpy(hbuf, he->h_name, sizeof hbuf-1);
-                       hbuf[sizeof hbuf-1] = '\0';
-               }
-
                if (asprintf (&cp, "%s%s", hbuf, cp2) == -1)
                        err(1, "asprintf");
 

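Review bot: after this removal nothing in the hunk terminates hbuf before asprintf reads it with "%s". The dropped `hbuf[sizeof hbuf-1] = '\0';` was the only explicit terminator here, and it only ran for unqualified names, after strchr had already read the buffer. The gethostname(hbuf, sizeof hbuf) call kept as context still has its return value ignored. Since this code is being touched anyway, consider checking that return value and setting `hbuf[sizeof hbuf - 1] = '\0';` unconditionally right after the call, so a truncated hostname cannot reach asprintf unterminated. The commit message could also state that the string built from hbuf and cp2 now carries the name exactly as gethostname returns it, unqualified when the host is configured that way, since that is a visible behaviour change for anyone relying on the old DNS-expanded value.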