disable caching in BIO_gethostbyname

diff --git a/CHANGES b/CHANGES
index f04945168c9d3a05e6feac7ea57c2caa71b79e25..6e9c072ab338bde7b6a48b7d9ad005b780e2adaf 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -4,6 +4,12 @@
 
  Changes between 0.9.6b and 0.9.6c  [XX xxx XXXX]
 
+  *) Disable caching in BIO_gethostbyname(), directly use gethostbyname()
+     instead.  BIO_gethostbyname() does not know what timeouts are
+     appropriate, so entries would stay in cache even when they hade
+     become invalid.
+     [Bodo Moeller; problem pointed out by Rich Salz <rsalz@zolera.com>
+
   *) Change ssl23_get_client_hello (ssl/s23_srvr.c) behaviour when
      faced with a pathologically small ClientHello fragment that does
      not contain client_version: Instead of aborting with an error,

diff --git a/crypto/bio/b_sock.c b/crypto/bio/b_sock.c
index 62cc3f1a0c81e0a720dbf604bb37d79bb56e2b66..d1398952b533d50af6051c0878a100619c85de5d 100644 (file)
--- a/crypto/bio/b_sock.c
+++ b/crypto/bio/b_sock.c
@@ -345,18 +345,23 @@ static void ghbn_free(struct hostent *a)
 
 struct hostent *BIO_gethostbyname(const char *name)
        {
+#if 1
+       /* Caching gethostbyname() results forever is wrong,
+        * so we have to let the true gethostbyname() worry about this */
+       return gethostbyname(name);
+#else
        struct hostent *ret;
        int i,lowi=0,j;
        unsigned long low= (unsigned long)-1;
 
-/*     return(gethostbyname(name)); */
 
-#if 0 /* It doesn't make sense to use locking here: The function interface
-          * is not thread-safe, because threads can never be sure when
-          * some other thread destroys the data they were given a pointer to.
-          */
+#  if 0
+       /* It doesn't make sense to use locking here: The function interface
+        * is not thread-safe, because threads can never be sure when
+        * some other thread destroys the data they were given a pointer to.
+        */
        CRYPTO_w_lock(CRYPTO_LOCK_GETHOSTBYNAME);
-#endif
+#  endif
        j=strlen(name);
        if (j < 128)
                {
@@ -384,20 +389,21 @@ struct hostent *BIO_gethostbyname(const char *name)
                 * parameter is 'char *', instead of 'const char *'
                 */
                ret=gethostbyname(
-#ifndef CONST_STRICT
+#  ifndef CONST_STRICT
                    (char *)
-#endif
+#  endif
                    name);
 
                if (ret == NULL)
                        goto end;
                if (j > 128) /* too big to cache */
                        {
-#if 0 /* If we were trying to make this function thread-safe (which
-          * is bound to fail), we'd have to give up in this case
-          * (or allocate more memory). */
+#  if 0
+                       /* If we were trying to make this function thread-safe (which
+                        * is bound to fail), we'd have to give up in this case
+                        * (or allocate more memory). */
                        ret = NULL;
-#endif
+#  endif
                        goto end;
                        }
 
@@ -421,12 +427,14 @@ struct hostent *BIO_gethostbyname(const char *name)
                ghbn_cache[i].order=BIO_ghbn_miss+BIO_ghbn_hits;
                }
 end:
-#if 0
+#  if 0
        CRYPTO_w_unlock(CRYPTO_LOCK_GETHOSTBYNAME);
-#endif
+#  endif
        return(ret);
+#endif
        }
 
+
 int BIO_sock_init(void)
        {
 #ifdef WINDOWS