CVSROOT: /cvs
Module name: src
Changes by: [email protected] 2026/05/30 23:55:21
Modified files:
usr.bin/ssh : ssh.c
Log message:
DNS0x20[1] can randomise the case of domain names returned by lookup
to force some more uniqueness in queries to reduce the likelihood
of spoofing attacks succeeding.
Normally this should be hidden from the user by the resolver, but
in some cases it can leak through. When it does, it can mess up
ssh's CanonicalizePermittedCNAMEs.
Fix this by forcing the name we received from the system resolver to
lowercase.
bz3966, report and fix by Martin D Kealey
[1] https://datatracker.ietf.org/doc/html/draft-vixie-dnsext-dns0x20-00
