[asterisk-dev] [Code Review] Add getnameinfo() to ast_sockaddr_resolve()
Benny Amorsen
benny+usenet at amorsen.dk
Tue May 3 16:05:39 CDT 2011
Simon Perreault <simon.perreault at viagenie.ca> writes:
> An idea: we could apply a check (regex?) on the host name and warn if it
> "strange", e.g. only digits.
The challenge is that Asterisk has a syntax which does not make it clear
whether you are trying to dial an existing peer or just an unknown
IP/hostname. This causes security issues -- if a peer does not
exist for some reason, e.g. a database problem with realtime, you risk
that Asterisk makes a call to a device you do not control. The problem
only gets larger whenever a new valid syntax is added to getaddrinfo and
whenever a new top level domain is added.
It also causes Asterisk to do unnecessary DNS lookups which can block
Asterisk for an extended time if the DNS server is slow to respond.
Unfortunately the only real solution is to change the syntax of Dial().
This is not likely to happen.
/Benny
More information about the asterisk-dev
mailing list