[16306] in Kerberos-V5-bugs
[krbdev.mit.edu #8809] Do not call getaddrinfo() with invalid
daemon@ATHENA.MIT.EDU (Greg Hudson via RT)
Fri May 24 01:56:20 2019
Mail-followup-to: rt@krbdev.mit.edu
mail-copies-to: never
From: Greg Hudson via RT <rt-comment@KRBDEV-PROD-APP-1.mit.edu>
In-Reply-To: <rt-8809@krbdev.mit.edu>
Message-ID: <rt-8809-49445.13.8249884046576@krbdev.mit.edu>
To: "'AdminCc of krbdev.mit.edu Ticket #8809'":;
Date: Fri, 24 May 2019 01:56:12 -0400
MIME-Version: 1.0
Reply-To: rt-comment@KRBDEV-PROD-APP-1.mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: krb5-bugs-bounces@mit.edu

This seems reasonable. I did a few minutes of research to see if we'd
be breaking any IDN scenarios, and I don't think so. We don't pass
AI_IDN to getaddrinfo(), so getaddrinfo won't be doing any encoding
into ACE, and we obviously don't do our own encoding. An application
could, in theory, encode an IDN to ACE before importing a GSS name, but
if it does that then hostname validation will succeed.
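
The following is an added example, not part of the original message and not code from krb5. It sketches why an ACE-encoded IDN passes a hostname check placed in front of getaddrinfo() while the raw UTF-8 form does not. The LDH rule and the names hostname_is_ldh and checked_getaddrinfo are assumptions made for illustration; the page does not state the validation the ticket actually applies.

```c
#include <ctype.h>
#include <netdb.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical check (an assumption, not krb5's rule): dot-separated LDH
 * labels (ASCII letters, digits, hyphen), 1-63 bytes each, at most 253
 * bytes overall, no leading or trailing hyphen; one trailing dot is fine. */
int hostname_is_ldh(const char *name)
{
    size_t total = strlen(name), label = 0;
    if (total == 0 || total > 253)
        return 0;
    for (const char *p = name; *p != '\0'; p++) {
        unsigned char c = (unsigned char)*p;
        if (c == '.') {
            if (label == 0 || p[-1] == '-')
                return 0;       /* empty label, or label ending in '-' */
            label = 0;
        } else if (c < 0x80 && (isalnum(c) || (c == '-' && label > 0))) {
            if (++label > 63)
                return 0;
        } else {
            return 0;           /* raw UTF-8, '_', ':', space, leading '-' */
        }
    }
    return name[total - 1] != '-';
}

/* Hypothetical wrapper: only checked names reach the resolver. ai_flags
 * stays 0, so glibc's AI_IDN is not set and no ACE conversion happens. */
int checked_getaddrinfo(const char *name, struct addrinfo **res)
{
    struct addrinfo hints;
    *res = NULL;
    if (!hostname_is_ldh(name))
        return EAI_NONAME;      /* rejected without calling getaddrinfo() */
    memset(&hints, 0, sizeof(hints));
    return getaddrinfo(name, NULL, &hints, res);
}

int main(void)
{
    /* Constructed samples: ACE form of an IDN, then the same name in UTF-8. */
    const char *s[] = { "xn--bcher-kva.example", "b\xc3\xbc" "cher.example" };
    for (int i = 0; i < 2; i++)
        printf("%s: %s\n", s[i], hostname_is_ldh(s[i]) ? "valid" : "rejected");
    return 0;
}
```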