[asterisk-dev] [Code Review] Add getnameinfo() to ast_sockaddr_resolve()

Eric "ManxPower" Wieling eric at fnords.org
Tue May 3 19:56:25 CDT 2011


On 05/03/2011 04:55 PM, David Ruggles wrote:
> On Tue, May 3, 2011 at 5:05 PM, Benny Amorsen <benny+usenet at amorsen.dk> wrote:
>
>> Simon Perreault <simon.perreault at viagenie.ca> writes:
>>
>>> An idea: we could apply a check (regex?) on the host name and warn if it
>>> is "strange", e.g. only digits.
>>
>> The challenge is that Asterisk has a syntax which does not make it clear
>> whether you are trying to dial an existing peer or just an unknown
>> IP/hostname. This causes security issues -- if a peer does not
>> exist for some reason, e.g. a database problem with realtime, you risk
>> that Asterisk makes a call to a device you do not control. The problem
>> only gets larger whenever a new valid syntax is added to getaddrinfo and
>> whenever a new top level domain is added.
>>
>> It also causes Asterisk to do unnecessary DNS lookups which can block
>> Asterisk for an extended time if the DNS server is slow to respond.
>>
>> Unfortunately the only real solution is to change the syntax of Dial().
>> This is not likely to happen.
>>
>>
>> /Benny
>>
>> Not trying to butt in, but have been following this with interest.
>
> What about adding a config option that requires all dial strings to be
> existing or defined peers? If not defined and config option is set, reject
> it instead of trying to resolve it. It seems like this could provide more
> security and eliminate the overhead of unexpected DNS queries.

Do we need to support IP addresses that are not in quad dotted format? 
I can't imagine anyone using them.  A config file option could be 
created to allow addresses that are not quad dotted.
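
The two proposals in this thread (reject targets that are not defined peers, and accept only dotted-quad literals) combined in one check, as an added example that is not part of the original message and not Asterisk code. The enum, the function names, the allow_literals switch and the peer table are hypothetical.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical result codes; none of these names exist in Asterisk. */
enum dial_target { TARGET_PEER, TARGET_IPV4, TARGET_IPV6, TARGET_REJECTED };

/* Constructed peer table standing in for configured or realtime peers. */
static const char *const known_peers[] = { "alice", "office-gw", "1234" };

static int is_known_peer(const char *name)
{
    for (size_t i = 0; i < sizeof(known_peers) / sizeof(known_peers[0]); i++)
        if (strcmp(known_peers[i], name) == 0)
            return 1;
    return 0;
}

/*
 * Classify a dial target without any DNS lookup. A defined peer always wins.
 * With allow_literals == 0 everything else is rejected. Otherwise only strict
 * literals pass: inet_pton(AF_INET) takes dotted-quad only, so "5678", "127.1"
 * or "0x7f.0.0.1", which inet_aton() would parse as addresses, are rejected.
 */
enum dial_target classify_dial_target(const char *host, int allow_literals)
{
    unsigned char buf[sizeof(struct in6_addr)];

    if (host == NULL || *host == '\0')
        return TARGET_REJECTED;
    if (is_known_peer(host))
        return TARGET_PEER;
    if (!allow_literals)
        return TARGET_REJECTED;
    if (inet_pton(AF_INET, host, buf) == 1)
        return TARGET_IPV4;
    if (inet_pton(AF_INET6, host, buf) == 1)
        return TARGET_IPV6;
    return TARGET_REJECTED; /* unknown name: never fall through to a resolver */
}

int main(void)
{
    const char *samples[] = { "alice", "5678", "127.1", "192.0.2.10", "example.invalid" };
    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++)
        printf("%-16s -> %d\n", samples[i], classify_dial_target(samples[i], 1));
    return 0;
}
```

If the peer lookup itself can fail (the realtime database problem mentioned above), that failure should also map to a rejection rather than to a literal or hostname attempt.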


