Bug #11864
closedResolv incorrectly accepts invalid hostnames and caches records between sessions
Description
Hello,
While working on a DNS related project I noticed that Resolv's getaddresses()
and getaddress()
functions will incorrectly accepts an empty String
and additionally returns a cached record if a new IRB session is invoked. Resolv
correctly rejects nil or empty arguments, but I believe the issue here is that the validation of String
should require at a minimum a single valid String character.
Here is an example of what I mean:
$ irb
irb(main):001:0> RUBY_VERSION
=> "2.2.3"
irb(main):002:0> require 'resolv'
=> true
irb(main):003:0> Resolv.getaddresses("surkatty.org")
=> ["54.244.9.126"]
irb(main):004:0> Resolv.getaddresses("example.com")
=> ["93.184.216.34"]
irb(main):005:0> Resolv.getaddresses("NX")
=> []
irb(main):006:0> Resolv.getaddresses("")
=> ["54.244.9.126"]
irb(main):007:0> Resolv.getaddresses()
ArgumentError: wrong number of arguments (0 for 1)
from /usr/local/Cellar/ruby/2.2.3/lib/ruby/2.2.0/resolv.rb:48:in `getaddresses'
from (irb):7
from /usr/local/bin/irb:11:in `<main>'
irb(main):008:0>
On line 006:0, I would have expected Resolv.getaddresses("")
to return either:
- Raise an
ArgumentError
or some other indicating an invalidString
was passed - Return an empty
Array
I've also attached a screenshot from my commandline showing the output between IRB sessions as well.
Files
Updated by breadtk (Osman Surkatty) over 8 years ago
- Assignee set to akr (Akira Tanaka)
Assigning directly to Akira Tanaka, the Resolv maintainer per https://bugs.ruby-lang.org/projects/ruby/wiki/MaintainersStdlib
Updated by nobu (Nobuyoshi Nakada) over 8 years ago
- Description updated (diff)
- Status changed from Open to Third Party's Issue
- Assignee deleted (
akr (Akira Tanaka))
It returned an empty list for an empty name on Darwin 15, but returned a random list on Darwin 14.
Seems a bug of OS X 10.10.
You may want to request Apple to backport the fix.
Updated by nobu (Nobuyoshi Nakada) over 8 years ago
Correction.
The previous result was when VPN is connected, and the answer seemed a list of private addresses over VPN.
After disconnecting the VPN, an empty list returned.
I'm not sure if this is your case, however, check your network environment.