From: djm <djm@openbsd.org>
Date: Fri, 16 Oct 2015 18:40:49 +0000 (+0000)
Subject: better handle anchored FQDNs (e.g. 'cvs.openbsd.org.') in hostname
X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=aa72f93a79927437ad030f77417409cf05657654;p=openbsd

better handle anchored FQDNs (e.g. 'cvs.openbsd.org.') in hostname
canonicalisation - treat them as already canonical and remove the
trailing '.' before matching ssh_config; ok markus@
---

diff --git a/usr.bin/ssh/ssh.c b/usr.bin/ssh/ssh.c
index 56e1bf531fc..ace67f5991b 100644
--- a/usr.bin/ssh/ssh.c
+++ b/usr.bin/ssh/ssh.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh.c,v 1.427 2015/10/15 23:51:40 djm Exp $ */
+/* $OpenBSD: ssh.c,v 1.428 2015/10/16 18:40:49 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -389,6 +389,17 @@ resolve_canonicalize(char **hostp, int port)
 		return addrs;
 	}
 
+	/* If domain name is anchored, then resolve it now */
+	if ((*hostp)[strlen(*hostp) - 1] == '.') {
+		debug3("%s: name is fully qualified", __func__);
+		fullhost = xstrdup(*hostp);
+		if ((addrs = resolve_host(fullhost, port, 0,
+		    newname, sizeof(newname))) != NULL)
+			goto found;
+		free(fullhost);
+		goto notfound;
+	}
+
 	/* Don't apply canonicalization to sufficiently-qualified hostnames */
 	ndots = 0;
 	for (cp = *hostp; *cp != '\0'; cp++) {
@@ -412,6 +423,7 @@ resolve_canonicalize(char **hostp, int port)
 			free(fullhost);
 			continue;
 		}
+ found:
 		/* Remove trailing '.' */
 		fullhost[strlen(fullhost) - 1] = '\0';
 		/* Follow CNAME if requested */
@@ -423,6 +435,7 @@ resolve_canonicalize(char **hostp, int port)
 		*hostp = fullhost;
 		return addrs;
 	}
+ notfound:
 	if (!options.canonicalize_fallback_local)
 		fatal("%s: Could not resolve host \"%s\"", __progname, *hostp);
 	debug2("%s: host %s not found in any suffix", __func__, *hostp);