disable caching in BIO_gethostbyname

diff --git a/CHANGES b/CHANGES
index 54ca0cd059d172a082a7f9d4c0a0fcaaa0236832..8a01b58daeeb4eb05154a3fb92794051334fe4ed 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -12,6 +12,12 @@
          *) applies to 0.9.6a/0.9.6b/0.9.6c and 0.9.7
          +) applies to 0.9.7 only
 
+  *) Disable caching in BIO_gethostbyname(), directly use gethostbyname()
+     instead.  BIO_gethostbyname() does not know what timeouts are
+     appropriate, so entries would stay in cache even when they hade
+     become invalid.
+     [Bodo Moeller; problem pointed out by Rich Salz <rsalz@zolera.com>
+
   +) New command line and configuration option 'utf8' for the req command.
      This allows field values to be specified as UTF8 strings.
      [Steve Henson]

diff --git a/crypto/bio/b_sock.c b/crypto/bio/b_sock.c
index 5b66603d7d92a5982908dbde542d7042d737fe76..741ed27de6e49667cccd6196a01b76d01dcb3f2c 100644 (file)
--- a/crypto/bio/b_sock.c
+++ b/crypto/bio/b_sock.c
@@ -345,18 +345,23 @@ static void ghbn_free(struct hostent *a)
 
 struct hostent *BIO_gethostbyname(const char *name)
        {
+#if 1
+       /* Caching gethostbyname() results forever is wrong,
+        * so we have to let the true gethostbyname() worry about this */
+       return gethostbyname(name);
+#else
        struct hostent *ret;
        int i,lowi=0,j;
        unsigned long low= (unsigned long)-1;
 
-/*     return(gethostbyname(name)); */
 
-#if 0 /* It doesn't make sense to use locking here: The function interface
-          * is not thread-safe, because threads can never be sure when
-          * some other thread destroys the data they were given a pointer to.
-          */
+#  if 0
+       /* It doesn't make sense to use locking here: The function interface
+        * is not thread-safe, because threads can never be sure when
+        * some other thread destroys the data they were given a pointer to.
+        */
        CRYPTO_w_lock(CRYPTO_LOCK_GETHOSTBYNAME);
-#endif
+#  endif
        j=strlen(name);
        if (j < 128)
                {
@@ -384,20 +389,21 @@ struct hostent *BIO_gethostbyname(const char *name)
                 * parameter is 'char *', instead of 'const char *'
                 */
                ret=gethostbyname(
-#ifndef CONST_STRICT
+#  ifndef CONST_STRICT
                    (char *)
-#endif
+#  endif
                    name);
 
                if (ret == NULL)
                        goto end;
                if (j > 128) /* too big to cache */
                        {
-#if 0 /* If we were trying to make this function thread-safe (which
-          * is bound to fail), we'd have to give up in this case
-          * (or allocate more memory). */
+#  if 0
+                       /* If we were trying to make this function thread-safe (which
+                        * is bound to fail), we'd have to give up in this case
+                        * (or allocate more memory). */
                        ret = NULL;
-#endif
+#  endif
                        goto end;
                        }
 
@@ -421,12 +427,14 @@ struct hostent *BIO_gethostbyname(const char *name)
                ghbn_cache[i].order=BIO_ghbn_miss+BIO_ghbn_hits;
                }
 end:
-#if 0
+#  if 0
        CRYPTO_w_unlock(CRYPTO_LOCK_GETHOSTBYNAME);
-#endif
+#  endif
        return(ret);
+#endif
        }
 
+
 int BIO_sock_init(void)
        {
 #ifdef OPENSSL_SYS_WINDOWS