Dennis Poon wrote:
when using lnet to connect to a remote server at DomainName : Port e.g.
yahoo.com : 80
in file lCommon.pp line 492:
function StrToNetAddr(const IP : String) : Sockets.in_addr;inline;
begin
result := Sockets.StrToNetAddr(IP);
end;
The above function did not raise exception when the IP parameter is a
null string, which is the return value of a failed DNSlookup of a domain
name.
You shouldn't be looking up a /domain/ name, you should be looking up a
/host/ name. If this fails then you should be looking more closely at
the parameter, e.g. it might refer to a host which doesn't exist or it
might refer to a local host which needs to be qualified by the local
domain name.
The consequence is grave!
When the DNS lookup fails, it returns a null IP string which the
StrToNetAddr converts to the 0.0.0.0 IPv4.sin_Addr structure without
raising any exception. If the local computer happens to have a port
listening at port 80, it just connects to the port 80 of the local
machine whenever the DNS lookup of the target domain fails!!!
From past experience, the lnet author non longer responds to the any
bug report,
I must say that that is not my experience. I've previously raised lnet
issues and contributed patches via Mantis, and found the response both
prompt and enthusiastic.
I am only mentioning this bug here so that other lnet users
won't have to find out this bug the hard way (3 days of looking for bug
in the wrong places) like I did.
The fix is simple, so I will modify the code myself but just hope every
new users of lnet can apply this fix before they use lnet.
If I understand things correctly, 0.0.0.0 is a reserved network (as
distinct from host) address so there is no circumstance in which you
should be attempting to connect to it. Your local system (localhost) is
normally 127.0.0.1, depending on the subnet mask 0.0.0.0 could be
interpreted as "the Class A network" or "the entire Internet".
So to summarise, in my opinion at least the 0.0.0.0 is a valid return,
and you should be looking more carefully at intermediate values and- in
particular- validating parameters fed to the program by the user.
--
Mark Morgan Lloyd
markMLl .AT. telemetry.co .DOT. uk
[Opinions above are the author's, not those of his employers or colleagues]
_______________________________________________
fpc-pascal maillist - fpc-pascal@lists.freepascal.org
http://lists.freepascal.org/mailman/listinfo/fpc-pascal
