From: osman@...
Date: 2015-12-23T01:37:23+00:00
Subject: [ruby-core:72446] [Ruby trunk - Bug #11864] [Open] Resolv incorrectly accepts invalid hostnames and caches records between sessions

Issue #11864 has been reported by Osman Surkatty.

----------------------------------------
Bug #11864: Resolv incorrectly accepts invalid hostnames and caches records between sessions
https://bugs.ruby-lang.org/issues/11864

* Author: Osman Surkatty
* Status: Open
* Priority: Normal
* Assignee:
* ruby -v: ruby 2.2.3p173 (2015-08-18 revision 51636) [x86_64-darwin14]
* Backport: 2.0.0: UNKNOWN, 2.1: UNKNOWN, 2.2: UNKNOWN
----------------------------------------
Hello,

While working on a DNS-related project I noticed that Resolv's getaddresses() and getaddress() functions will incorrectly accept an empty String and additionally return a cached record if a new IRB session is invoked.

Resolv correctly rejects nil or empty arguments, but I believe the issue here is that the validation of String should require at a minimum a single valid String character.

Here is an example of what I mean:

$ irb
irb(main):001:0> RUBY_VERSION
=> "2.2.3"
irb(main):002:0> require 'resolv'
=> true
irb(main):003:0> Resolv.getaddresses("surkatty.org")
=> ["54.244.9.126"]
irb(main):004:0> Resolv.getaddresses("example.com")
=> ["93.184.216.34"]
irb(main):005:0> Resolv.getaddresses("NX")
=> []
irb(main):006:0> Resolv.getaddresses("")
=> ["54.244.9.126"]
irb(main):007:0> Resolv.getaddresses()
ArgumentError: wrong number of arguments (0 for 1)
	from /usr/local/Cellar/ruby/2.2.3/lib/ruby/2.2.0/resolv.rb:48:in `getaddresses'
	from (irb):7
	from /usr/local/bin/irb:11:in `'
irb(main):008:0>

On line 006:0, I would have expected Resolv.getaddresses("") to return either:

1. Raise an ArgumentError or some other indicating an invalid String was passed
2. Return an empty Array

I've also attached a screenshot from my command line showing the output between IRB sessions as well.

---Files--------------------------------
dns.png (71.5 KB)

--
https://bugs.ruby-lang.org/
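
A caller-side guard for the empty-hostname case reported above, as an added example that is not part of the original report or of Resolv itself. The `StrictResolv` module, `validate_hostname` and the `resolver:` parameter are hypothetical names; the guard assumes inputs are hostnames in letter-digit-hyphen syntax, so names with underscore labels are rejected.

```ruby
require 'resolv'

# Hypothetical wrapper (not part of Resolv): validate a hostname before it
# reaches the resolver, so "" or "." can never be looked up.
module StrictResolv
  MAX_NAME_LEN = 253
  # One label: 1-63 letters, digits or hyphens, no leading or trailing hyphen.
  LABEL = /\A[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\z/i

  # Returns the normalized (lowercased, no trailing dot) hostname,
  # or raises ArgumentError describing why the input was rejected.
  def self.validate_hostname(name)
    raise ArgumentError, "hostname must be a String" unless name.is_a?(String)

    host = name.chomp(".") # tolerate a single trailing root dot
    raise ArgumentError, "hostname is empty" if host.empty?
    raise ArgumentError, "hostname exceeds #{MAX_NAME_LEN} characters" if host.length > MAX_NAME_LEN

    labels = host.split(".", -1) # -1 keeps empty labels such as in "a..b"
    bad = labels.find { |label| label !~ LABEL }
    raise ArgumentError, "invalid label #{bad.inspect} in #{name.inspect}" if bad

    host.downcase
  end

  # Same return value as Resolv.getaddresses, but invalid names raise
  # before any lookup is attempted. `resolver` is injectable for testing.
  def self.getaddresses(name, resolver: Resolv)
    resolver.getaddresses(validate_hostname(name))
  end
end
```
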