X-Git-Url: https://git.saurik.com/apt.git/blobdiff_plain/8665dceb5cf2a197ae270b08066f05c8a2870223..f378b41f9ab2493bcbc5892d482b18826b0b84c0:/methods/connect.cc

diff --git a/methods/connect.cc b/methods/connect.cc
index c819c1dfb..f6fb14769 100644
--- a/methods/connect.cc
+++ b/methods/connect.cc
@@ -63,6 +63,8 @@ void RotateDNS()
 									/*}}}*/
 static bool ConnectionAllowed(char const * const Service, std::string const &Host)/*{{{*/
 {
+   if (unlikely(Host.empty())) // the only legal empty host (RFC2782 '.' target) is detected by caller
+      return false;
    if (APT::String::Endswith(Host, ".onion") && _config->FindB("Acquire::BlockDotOnion", true))
    {
       // TRANSLATOR: %s is e.g. Tor's ".onion" which would likely fail or leak info (RFC7686)
@@ -180,8 +182,10 @@ static bool ConnectToHostname(std::string const &Host, int const Port,
       memset(&Hints,0,sizeof(Hints));
       Hints.ai_socktype = SOCK_STREAM;
       Hints.ai_flags = 0;
+#ifdef AI_IDN
       if (_config->FindB("Acquire::Connect::IDN", true) == true)
 	 Hints.ai_flags |= AI_IDN;
+#endif
       // see getaddrinfo(3): only return address if system has such a address configured
       // useful if system is ipv4 only, to not get ipv6, but that fails if the system has
       // no address configured: e.g. offline and trying to connect to localhost.
@@ -296,7 +300,13 @@ bool Connect(std::string Host,int Port,const char *Service,
    {
       SrvRecords.clear();
       if (_config->FindB("Acquire::EnableSrvRecords", true) == true)
+      {
          GetSrvRecords(Host, DefPort, SrvRecords);
+	 // RFC2782 defines that a lonely '.' target is an abort reason
+	 if (SrvRecords.size() == 1 && SrvRecords[0].target.empty())
+	    return _error->Error("SRV records for %s indicate that "
+		  "%s service is not available at this domain", Host.c_str(), Service);
+      }
    }
 
    size_t stackSize = 0;