Re: [libvirt PATCH] conf: network: remove hostname validation

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On a Sunday in 2022, Laine Stump wrote:

On 1/27/22 4:33 PM, Ján Tomko wrote:

We used to validate that the first character of the hostname is a
letter. Later, RFC1123 relaxed the requirements to allow a number
as well.

Drop the validation completely, since we do not care about the
following characters, and neither does dnsmasq (even if it's a comma,
which is a delimiter in the hosts file).
Was there some discussion somewhere that prompted this patch (and thus invalidates the opinion I'm about to spout)? The only email I could find about it was the email of the "reverted" patch itself (sent by Peter on behalf of the author, with r-b given in the same email).
My opinion is that if a current RFC restricts the first letter of a hostname, 

It restricts all of the characters, not just the first one.
But in the past we only checked for one specific restriction of the
first character, that it is a letter. So I believe the better way
to remove the restriction is to remove the first check, not add a new
one.

I am unsure where the restriction came from (looking at the dates of
the RFCs the "reverted" commit references, I was too young to care at
the time.) The libvirt commit:

  commit b73d4957540938a61b95bd30696efa6553d14b5f
  CommitDate: 2008-08-20 12:50:29 +0000

    * src/network_conf.c src/network_conf.h src/qemu_driver.c: allow to
      add static host definition for dnsmasq

added the check with no explanation.

From RFC 952 (Oct 1985):
The old check enforced one specific restriction
      <hname> ::= <name>*["."<name>]
      <name>  ::= <let>[*[<let-or-digit-or-hyphen>]<let-or-digit>]
RFC 1123 (Oct 1989):
      The syntax of a legal Internet host name was specified in RFC-952
      [DNS:4].  One aspect of host name syntax is hereby changed: the
      restriction on the first character is relaxed to allow either a
      letter or a digit.  Host software MUST support this more liberal
      syntax.

So, someone could add a validation for all of these constraints,
but I have not verified whether non-compliant hostnames actually
are broken with dnsmasq.
then we should validate that too, *especially* if dnsmasq doesn't; who knows what entity beyond dnsmasq will barf on it in some way, and the closer to the source the non-compliance is reported, the easier it will be to fix. (Additionally, it's easy to remove extra validation, but much more difficult to add it back later if we decide it shouldn't have been removed) 



Right, we don't seem to have a separate validation step for network
parsing at the moment so adding a new check would be tedious.
But as-is, this check is pointless.

Jano

Attachment: signature.asc
Description: PGP signature

[Index of Archives]     [Virt Tools]     [Libvirt Users]     [Lib OS Info]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]     [Fedora Tools]

  Powered by Linux