BIO_lookup_ex: Always retry the lookup on failure with AI_NUMERICHOST set
authorTomas Mraz <tmraz@fedoraproject.org>
Mon, 5 Aug 2019 17:11:07 +0000 (19:11 +0200)
committerTomas Mraz <tmraz@fedoraproject.org>
Tue, 13 Aug 2019 09:40:55 +0000 (11:40 +0200)
Do not try to discern the error return value on
getaddrinfo() failure but when retrying set the AI_NUMERICHOST
to avoid DNS lookups.

Fixes: #9053

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9535)

crypto/bio/b_addr.c

index 4736633..511d9c1 100644 (file)
@@ -709,20 +709,14 @@ int BIO_lookup_ex(const char *host, const char *service, int lookup_type,
         case 0:
             ret = 1;             /* Success */
             break;
-# if (defined(EAI_FAMILY) || defined(EAI_ADDRFAMILY)) && defined(AI_ADDRCONFIG)
-#  ifdef EAI_FAMILY
-        case EAI_FAMILY:
-#  endif
-#  ifdef EAI_ADDRFAMILY
-        case EAI_ADDRFAMILY:
-#  endif
+        default:
+# if defined(AI_ADDRCONFIG) && defined(AI_NUMERICHOST)
             if (hints.ai_flags & AI_ADDRCONFIG) {
                 hints.ai_flags &= ~AI_ADDRCONFIG;
+                hints.ai_flags |= AI_NUMERICHOST;
                 goto retry;
             }
 # endif
-            /* fall through */
-        default:
             BIOerr(BIO_F_BIO_LOOKUP_EX, ERR_R_SYS_LIB);
             ERR_add_error_data(1, gai_strerror(gai_ret));
             break;