#43853 [Fbk->Opn]: Some IP addresses are note resolved by gethostbyaddr()

ab5602 Mon, 28 Jan 2008 15:53:02 -0800

 ID:               43853
 Updated by:       [EMAIL PROTECTED]
 Reported By:      radonov at ecad dot tu-sofia dot bg
-Status:           Feedback
+Status:           Open
 Bug Type:         Network related
 Operating System: Solaris
 PHP Version:      4.4.8, 5CVS
 Assigned To:      ab5602
 New Comment:


Traced it down to another "security" bug in Solaris.  The problem is
that the IP: 78.130.136.12 does not reverse and forward to the same
address.  The below C code will not return a reverse lookup either. 
This appears to be a low-level Solaris specific security measure (bug
IMHO) in gethostbyaddr() to stop the resolution of fake DNS info.

Snooping, the network traffic on the lookup you can see it doing a
reverse, then a forward to check the accuracy of the reverse:

DNS C 12.136.130.78.in-addr.arpa. Internet PTR ?
DNS R 12.136.130.78.in-addr.arpa. Internet PTR atlantis.botevgrad.com.
DNS C atlantis.botevgrad.com. Internet Addr ?
DNS R atlantis.botevgrad.com. Internet Addr 212.116.131.138

I'll mark this one as bogus in a few days, unless anyone else can come
up with a good way to get around this?

----- gethostbyaddr() test code (need -lresolv and -lnsl)

#include <stdio.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <netdb.h>

typedef struct in_addr in_addr;
typedef struct hostent hostent;

int
main (void)
{
  auto in_addr addr;
  register hostent const *hp;

  inet_aton ("78.130.136.12", &addr);
  hp = gethostbyaddr ((char const *)&addr, sizeof addr, AF_INET);
  herror("resolver error");
  
  if (hp)
    printf ("%s\n", hp->h_name);
  else
    printf ("No Reverse DNS for %s\n",  inet_ntoa (addr));

  return 0;
}


Previous Comments:
------------------------------------------------------------------------

[2008-01-28 23:38:58] [EMAIL PROTECTED]

Cannot reproduce:
php -r 'var_dump(gethostbyaddr("78.130.136.12"));'
string(22) "atlantis.botevgrad.com"

------------------------------------------------------------------------

[2008-01-28 14:16:09] [EMAIL PROTECTED]

Confirmed bug in 5CVS.

------------------------------------------------------------------------

[2008-01-28 13:43:13] [EMAIL PROTECTED]

Confirmed under Solaris 9 and Solaris 10 too.



------------------------------------------------------------------------

[2008-01-15 09:23:25] radonov at ecad dot tu-sofia dot bg

Description:
------------
Some IP addresses are note resolved by gethostbyaddr() under Solaris 8.
Solrais nslookup resolves the addresses normaly.

Reproduce code:
---------------
var_dump(gethostbyaddr('78.130.136.12'));
The result is:
string(13) "78.130.136.12"

Expected result:
----------------
The result should be:
string(22) "atlantis.botevgrad.com"



------------------------------------------------------------------------


-- 
Edit this bug report at http://bugs.php.net/?id=43853&edit=1

#43853 [Fbk->Opn]: Some IP addresses are note resolved by gethostbyaddr()

Reply via email to