Actions
Bug #11864
closed
Resolv incorrectly accepts invalid hostnames and caches records between sessions
Status:
Third Party's Issue
Assignee:
-
Target version:
-
ruby -v:
ruby 2.2.3p173 (2015-08-18 revision 51636) [x86_64-darwin14]
Description
Hello,
While working on a DNS related project I noticed that Resolv's getaddresses() and getaddress() functions will incorrectly accepts an empty String and additionally returns a cached record if a new IRB session is invoked. Resolv correctly rejects nil or empty arguments, but I believe the issue here is that the validation of String should require at a minimum a single valid String character.
Here is an example of what I mean:
$ irb
irb(main):001:0> RUBY_VERSION
=> "2.2.3"
irb(main):002:0> require 'resolv'
=> true
irb(main):003:0> Resolv.getaddresses("surkatty.org")
=> ["54.244.9.126"]
irb(main):004:0> Resolv.getaddresses("example.com")
=> ["93.184.216.34"]
irb(main):005:0> Resolv.getaddresses("NX")
=> []
irb(main):006:0> Resolv.getaddresses("")
=> ["54.244.9.126"]
irb(main):007:0> Resolv.getaddresses()
ArgumentError: wrong number of arguments (0 for 1)
from /usr/local/Cellar/ruby/2.2.3/lib/ruby/2.2.0/resolv.rb:48:in `getaddresses'
from (irb):7
from /usr/local/bin/irb:11:in `<main>'
irb(main):008:0>
On line 006:0, I would have expected Resolv.getaddresses("") to return either:
- Raise an
ArgumentErroror some other indicating an invalidStringwas passed - Return an empty
Array
I've also attached a screenshot from my commandline showing the output between IRB sessions as well.
Files
Updated by 
Updated by 
Actions
Like0
Like0Like0Like0