Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Message-ID: <20250219205617.7a4dc158@atlas-11>
Date: Wed, 19 Feb 2025 20:56:17 +0000
From: Denis Ovsienko <denis@...ienko.info>
To: musl@...ts.openwall.com
Subject: musl libc seems to use case-sensitive comparison for hostnames in
 /etc/hosts

Hello all.

$ /usr/lib/libc.so 
musl libc (aarch64)
Version 1.2.5
Dynamic Program Loader
Usage: /usr/lib/libc.so [options] [--] pathname [args]

As far as I can tell, musl libc has a bug in Internet hostnames
processing, in that it uses case-sensitive string comparison on
hostnames that it reads from /etc/hosts.  This does not apply to
hostnames it resolves using DNS.

The problem seems to be somewhere around name_from_hosts() in
src/network/lookup_name.c.  In any case, no musl code under
src/network/ uses strcasecmp(), which hints at a likely root cause: by
design using strcmp() to compare Internet hostnames will work correctly
for a fraction of hostnames only.

One way to reproduce the problem is as follows:

$ grep -i noeth-ipv4-noipv6.host123.libpcap.test /etc/hosts
10.20.30.40 noeth-ipv4-noipv6.host123.libpcap.test

$ ping -n -c1 noeth-ipv4-noipv6.host123.libpcap.test
PING noeth-ipv4-noipv6.host123.libpcap.test (10.20.30.40): 56 data bytes

--- noeth-ipv4-noipv6.host123.libpcap.test ping statistics ---
1 packets transmitted, 0 packets received, 100% packet loss

$ ping -n -c1 NOETH-IPV4-NOIPV6.HOST123.LIBPCAP.TEST
ping: bad address 'NOETH-IPV4-NOIPV6.HOST123.LIBPCAP.TEST'

$ ping -n -c1 tcpdump.org
PING tcpdump.org (195.22.157.118): 56 data bytes
64 bytes from 195.22.157.118: seq=0 ttl=42 time=11.420 ms

--- tcpdump.org ping statistics ---
1 packets transmitted, 1 packets received, 0% packet loss
round-trip min/avg/max = 11.420/11.420/11.420 ms

$ ping -n -c1 TCPDUMP.ORG
PING TCPDUMP.ORG (195.22.157.118): 56 data bytes
64 bytes from 195.22.157.118: seq=0 ttl=42 time=11.306 ms

--- TCPDUMP.ORG ping statistics ---
1 packets transmitted, 1 packets received, 0% packet loss
round-trip min/avg/max = 11.306/11.306/11.306 ms


(The ping above is actually busybox because it is Alpine Linux.)  This
reproduces exactly the same using libpcap, which uses getaddrinfo().
However, curl and ssh manage to resolve the upper case version of the
same hostname.  In the case of ssh it seems it lower-cases the hostname
before the lookup, because placing an upper-cased hostname into
/etc/hosts prevents ssh from resolving it:

$ grep -i somehost /etc/hosts
10.20.30.40 SOMEHOST

$ ssh somehost
ssh: Could not resolve hostname somehost: Name does not resolve

$ ssh SOMEHOST
ssh: Could not resolve hostname somehost: Name does not resolve

That said, curl seems more robust and manages to resolve the hostname
whichever the letter case on the command line and in /etc/hosts, so it
seems to be using a different resolver library.

Please review and confirm.

-- 
    Denis Ovsienko

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.