[PATCH] Use getaddrinfo() with AI_CANONNAME flag to resolve canonical name in SSPI authentication code

Ivan Zhakov ivan at visualsvn.com
Mon Oct 3 08:39:09 EDT 2011

On Fri, Sep 2, 2011 at 18:01, Joe Orton <joe at manyfish.co.uk> wrote:
> On Tue, Jul 12, 2011 at 12:29:18PM +0400, Ivan Zhakov wrote:
>> On Tue, Jun 7, 2011 at 18:49, Ivan Zhakov <ivan at visualsvn.com> wrote:
>> > Hi,
>> >
>> > We found that neon can freeze for several seconds when trying to do
>> > reverse lookup to resolve canonical name to build SPN name for SSPI
>> > authentication, when reverse lookup is not configured on DNS. The
>> > better way to resolve canonical hostname is to use getaddrinfo()
>> > function with AI_CANNONNAME flag. The attached patch fixes this issue.
>> >
>> > PS: getaddrinfo() is already available since Windows 2000.
>> >
>> Ping? Any chance to get this patch reviewed and committed?
> Hi Ivan, sorry for the slow reply.
> I'd rather thread the AI_CANONNAME through the ne_addr_* code... I have
> tried that in the trunk r1852 and r1853 - are you able to test that?  (I
> have not tested the changes to ne_sspi.c to compile/work)
Hi Joe, sorry for slow reply :)

I've tested neon with your fixes and the problem seems to be fixed
now. I've also looked through the code: I didn't find anything
critical, the only potential problem is in
    if (flags == NE_ADDR_CANON) {
        hints.ai_flags = AI_CANONNAME;

I think it would be better to replace it to bitmask comparision, since
flags seems to be bit parameter. I meant:
    if (flags & NE_ADDR_CANON) {
        hints.ai_flags = AI_CANONNAME;

Ivan Zhakov

More information about the neon mailing list