ID: 43853
Updated by: [EMAIL PROTECTED]
Reported By: radonov at ecad dot tu-sofia dot bg
-Status: Open
+Status: Bogus
Bug Type: Network related
Operating System: Solaris
PHP Version: 4.4.8, 5CVS
Assigned To: ab5602
New Comment:
K, marked as bogus then.
Previous Comments:
------------------------------------------------------------------------
[2008-01-29 00:17:32] [EMAIL PROTECTED]
Proof is in the pudding: from gethostbyaddr() in OpenSolaris
libresolv...
----------
if ((hp = _getrhbyaddr(addr, len, type)) == (struct hostent *)NULL)
return ((struct hostent *)NULL);
/* hang on to what we got as an answer */
(void) strcpy(hbuf, hp->h_name);
/* check to make sure by doing a forward query */
if ((hp2 = res_gethostbyname(hbuf)) != (struct hostent *)NULL)
----------
------------------------------------------------------------------------
[2008-01-28 23:52:53] [EMAIL PROTECTED]
Traced it down to another "security" bug in Solaris. The problem is
that the IP: 78.130.136.12 does not reverse and forward to the same
address. The below C code will not return a reverse lookup either.
This appears to be a low-level Solaris specific security measure (bug
IMHO) in gethostbyaddr() to stop the resolution of fake DNS info.
Snooping, the network traffic on the lookup you can see it doing a
reverse, then a forward to check the accuracy of the reverse:
DNS C 12.136.130.78.in-addr.arpa. Internet PTR ?
DNS R 12.136.130.78.in-addr.arpa. Internet PTR atlantis.botevgrad.com.
DNS C atlantis.botevgrad.com. Internet Addr ?
DNS R atlantis.botevgrad.com. Internet Addr 212.116.131.138
I'll mark this one as bogus in a few days, unless anyone else can come
up with a good way to get around this?
----- gethostbyaddr() test code (need -lresolv and -lnsl)
#include <stdio.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <netdb.h>
typedef struct in_addr in_addr;
typedef struct hostent hostent;
int
main (void)
{
auto in_addr addr;
register hostent const *hp;
inet_aton ("78.130.136.12", &addr);
hp = gethostbyaddr ((char const *)&addr, sizeof addr, AF_INET);
herror("resolver error");
if (hp)
printf ("%s\n", hp->h_name);
else
printf ("No Reverse DNS for %s\n", inet_ntoa (addr));
return 0;
}
------------------------------------------------------------------------
[2008-01-28 23:38:58] [EMAIL PROTECTED]
Cannot reproduce:
php -r 'var_dump(gethostbyaddr("78.130.136.12"));'
string(22) "atlantis.botevgrad.com"
------------------------------------------------------------------------
[2008-01-28 14:16:09] [EMAIL PROTECTED]
Confirmed bug in 5CVS.
------------------------------------------------------------------------
[2008-01-28 13:43:13] [EMAIL PROTECTED]
Confirmed under Solaris 9 and Solaris 10 too.
------------------------------------------------------------------------
The remainder of the comments for this report are too long. To view
the rest of the comments, please view the bug report online at
http://bugs.php.net/43853
--
Edit this bug report at http://bugs.php.net/?id=43853&edit=1
