[PATCH] iptables: Replace gethostbyname() with getaddrinfo()

[PATCH] iptables: Replace gethostbyname() with getaddrinfo()

[Arpan Kapoor]

Make the function host_to_ipaddr() similar to host_to_ip6addr(),
using getaddrinfo() instead of the obsoleted gethostbyname().

Signed-off-by: Arpan Kapoor <rpnkpr@gmail.com>
---
 libxtables/xtables.c | 32 +++++++++++++++++++++++---------
 1 file changed, 23 insertions(+), 9 deletions(-)

diff --git a/libxtables/xtables.c b/libxtables/xtables.c
index fe24caa..1c6684d 100644
--- a/libxtables/xtables.c
+++ b/libxtables/xtables.c
@@ -1353,22 +1353,36 @@ static struct in_addr *network_to_ipaddr(const char *name)
 
 static struct in_addr *host_to_ipaddr(const char *name, unsigned int *naddr)
 {
-	struct hostent *host;
 	struct in_addr *addr;
+	struct addrinfo hints;
+	struct addrinfo *res, *p;
+	int err;
 	unsigned int i;
 
-	*naddr = 0;
-	if ((host = gethostbyname(name)) != NULL) {
-		if (host->h_addrtype != AF_INET ||
-		    host->h_length != sizeof(struct in_addr))
-			return NULL;
+	memset(&hints, 0, sizeof(hints));
+	hints.ai_flags    = AI_CANONNAME;
+	hints.ai_family   = AF_INET;
+	hints.ai_socktype = SOCK_RAW;
 
-		while (host->h_addr_list[*naddr] != NULL)
+	*naddr = 0;
+	if ((err = getaddrinfo(name, NULL, &hints, &res)) != 0) {
+#ifdef DEBUG
+		fprintf(stderr,"Name2IP: %s\n",gai_strerror(err));
+#endif
+		return NULL;
+	} else {
+		for (p = res; p != NULL; p = p->ai_next)
 			++*naddr;
+#ifdef DEBUG
+		fprintf(stderr, "resolved: len=%d  %s ", res->ai_addrlen,
+		        xtables_ipaddr_to_numeric(&((struct sockaddr_in *)res->ai_addr)->sin_addr));
+#endif
 		addr = xtables_calloc(*naddr, sizeof(struct in_addr));
-		for (i = 0; i < *naddr; i++)
-			memcpy(&addr[i], host->h_addr_list[i],
+		for (i = 0, p = res; p != NULL; p = p->ai_next)
+			memcpy(&addr[i++],
+			       &((const struct sockaddr_in *)p->ai_addr)->sin_addr,
 			       sizeof(struct in_addr));
+		freeaddrinfo(res);
 		return addr;
 	}
 
-- 
2.7.3

Re: [PATCH] iptables: Replace gethostbyname() with getaddrinfo()

[Jan Engelhardt]

On Thursday 2016-03-17 13:57, Arpan Kapoor wrote:

>Make the function host_to_ipaddr() similar to host_to_ip6addr(),
>using getaddrinfo() instead of the obsoleted gethostbyname().

You should just remove host_to_ipaddr and ipparse_hostnetwork,
because nothing appears to be using them anymore. Everything
switched to xtopt_parse_host.

Re: [PATCH] iptables: Replace gethostbyname() with getaddrinfo()

[Arpan Kapoor]

On Thu, Mar 17, 2016 at 02:44:00PM +0100, Jan Engelhardt wrote:
> 
> You should just remove host_to_ipaddr and ipparse_hostnetwork,
> because nothing appears to be using them anymore. Everything
> switched to xtopt_parse_host.

ipparse_hostnetwork is utilized by xtables_ipparse_any and
xtables_ipparse_multiple which are being used by
1) arpmangle_parse (extensions/libarpt_mangle.c)
2) do_command4 (iptables/iptables.c)
3) nft_ipv4_post_parse (iptables/nft-ipv4.c)

Excuse me if I'm missing something. I'm new to the codebase
and this is my first patch.

Re: [PATCH] iptables: Replace gethostbyname() with getaddrinfo()

[Pablo Neira Ayuso]

On Thu, Mar 17, 2016 at 06:27:19PM +0530, Arpan Kapoor wrote:
> Make the function host_to_ipaddr() similar to host_to_ip6addr(),
> using getaddrinfo() instead of the obsoleted gethostbyname().

Applied, thanks.