[libvirt PATCH] conf: network: remove hostname validation

Ján Tomko jtomko at redhat.com
Mon Jan 31 12:27:16 UTC 2022 

On a Sunday in 2022, Laine Stump wrote:
>On 1/27/22 4:33 PM, Ján Tomko wrote:
>>We used to validate that the first character of the hostname is a
>>letter. Later, RFC1123 relaxed the requirements to allow a number
>>as well.
>>
>>Drop the validation completely, since we do not care about the
>>following characters, and neither does dnsmasq (even if it's a comma,
>>which is a delimiter in the hosts file).
>
>Was there some discussion somewhere that prompted this patch (and thus 
>invalidates the opinion I'm about to spout)? The only email I could 
>find about it was the email of the "reverted" patch itself (sent by 
>Peter on behalf of the author, with r-b given in the same email).
>
>My opinion is that if a current RFC restricts the first letter of a 
>hostname,

It restricts all of the characters, not just the first one.
But in the past we only checked for one specific restriction of the
first character, that it is a letter. So I believe the better way
to remove the restriction is to remove the first check, not add a new
one.

I am unsure where the restriction came from (looking at the dates of
the RFCs the "reverted" commit references, I was too young to care at
the time.) The libvirt commit:

   commit b73d4957540938a61b95bd30696efa6553d14b5f
   CommitDate: 2008-08-20 12:50:29 +0000

     * src/network_conf.c src/network_conf.h src/qemu_driver.c: allow to
       add static host definition for dnsmasq

added the check with no explanation.

 From RFC 952 (Oct 1985):
The old check enforced one specific restriction
       <hname> ::= <name>*["."<name>]
       <name>  ::= <let>[*[<let-or-digit-or-hyphen>]<let-or-digit>]
RFC 1123 (Oct 1989):
       The syntax of a legal Internet host name was specified in RFC-952
       [DNS:4].  One aspect of host name syntax is hereby changed: the
       restriction on the first character is relaxed to allow either a
       letter or a digit.  Host software MUST support this more liberal
       syntax.

So, someone could add a validation for all of these constraints,
but I have not verified whether non-compliant hostnames actually
are broken with dnsmasq.

>then we should validate that too, *especially* if dnsmasq 
>doesn't; who knows what entity beyond dnsmasq will barf on it in some 
>way, and the closer to the source the non-compliance is reported, the 
>easier it will be to fix. (Additionally, it's easy to remove extra 
>validation, but much more difficult to add it back later if we decide 
>it shouldn't have been removed)
>

Right, we don't seem to have a separate validation step for network
parsing at the moment so adding a new check would be tedious.
But as-is, this check is pointless.

Jano
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/libvir-list/attachments/20220131/576dc918/attachment-0001.sig>

More information about the libvir-list mailing list