RE: SQUID 2.2-STABLE3 and DOTLESS IP Addresses

From: Jens-S. Voeckler <voeckler@dont-contact.us>
Date: Fri, 3 Sep 1999 12:16:39 +0200

On Fri, 3 Sep 1999, Tilman Schmidt wrote:

]At 10:25 03.09.99 +0200, Jens-S. Voeckler wrote:
]>That is wrong, Squid uses the system's resolver library, and if your
]>system's resolver supports it, Squid does support it. Which is true for
]>most resolvers.
]
]But Squid appends the "append_domain" configuration value
]to every hostname that doesn't contain a dot, which prevents
]the resolver from interpreting it as a dotless IP address.

Yes, but that is not the default. It is what you configured.

]"Handling" dotless IP addresses would require Squid to
]recognize pure digit strings in the host part of URLs, and
]refrain from appending append_domain to them.

Nope, if "append_domain" is not set, Squid turns over the digit string to
inet_addr() to see if it might be an address, and magically, a value
other than -1 returns, signalling that this was, indeed, a valid IP
address.

]> And it is not a bug of the resolver, but a "feature". Just
]>typing "12." is a shortcut meaning "12.0.0.0", and "12.1" a shortcut for
]>"12.0.0.1", etc.
]
]These examples contain at least one dot, and all the
]numbers are less than 256. But I maintain that the resolver
]should not interpret a digit string without any dots as a
]numeric IP address. That behaviour conflicts with the
]documentation, it is counterintuitive, and it has negative
]security implications. What more do you need to call it a bug?

The "bug" is that the resolver accepts numbers larger than 255. BTW,
feeding just "12" into the resolver is an alias for "0.0.0.12".

Le deagh dhùrachd,
Dipl.-Ing. Jens-S. Vöckler (voeckler@rvs.uni-hannover.de)
Institute for Computer Networks and Distributed Systems
University of Hanover, Germany; +49 511 762 4726
Received on Fri Sep 03 1999 - 04:32:33 MDT
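
The inet_addr() behaviour discussed in this thread, as an added example that is not part of the original messages or of Squid's code: it separates strict dotted quads from the legacy numeric forms ("12", "12.1", a single large number) so a filter can compare the address the resolver will actually use. The names classify_host and host_kind and the sample hosts are constructed for illustration, and a BSD/glibc-style inet_addr() is assumed.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdint.h>
#include <stdio.h>

enum host_kind { HOST_NAME = 0, HOST_DOTTED_QUAD = 1, HOST_LEGACY_NUMERIC = 2 };

/* Classify a URL host string before it reaches the resolver.
 * On a numeric result, *addr_out receives the address in host byte order. */
enum host_kind classify_host(const char *host, uint32_t *addr_out)
{
    struct in_addr strict;
    in_addr_t legacy;

    /* inet_pton() accepts only the full a.b.c.d decimal form. */
    if (inet_pton(AF_INET, host, &strict) == 1) {
        *addr_out = ntohl(strict.s_addr);
        return HOST_DOTTED_QUAD;
    }
    /* inet_addr() also accepts one, two or three part numbers, where the
     * last part fills all remaining bytes. INADDR_NONE is the -1 error
     * return mentioned in the thread. */
    legacy = inet_addr(host);
    if (legacy != INADDR_NONE) {
        *addr_out = ntohl(legacy);
        return HOST_LEGACY_NUMERIC;
    }
    return HOST_NAME;
}

int main(void)
{
    /* Constructed sample hosts, not taken from real traffic. */
    const char *samples[] = { "12", "12.1", "3232235777",
                              "192.168.1.1", "www.example.com" };
    static const char *label[] = { "name", "dotted quad", "legacy numeric" };

    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        uint32_t a = 0;
        enum host_kind k = classify_host(samples[i], &a);
        if (k == HOST_NAME)
            printf("%-16s %s\n", samples[i], label[k]);
        else
            printf("%-16s %-14s -> %u.%u.%u.%u\n", samples[i], label[k],
                   (unsigned)(a >> 24), (unsigned)((a >> 16) & 255),
                   (unsigned)((a >> 8) & 255), (unsigned)(a & 255));
    }
    return 0;
}
```

A proxy ACL that matches on the host string alone sees "3232235777" and "192.168.1.1" as different destinations; comparing the normalized address closes that gap.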
