upstream: DNS0x20[1] can randomise the case of domain names returned by

djmdjm · djmdjm · commit df18979e1137 · 2026-05-31T16:03:47.000+10:00
lookup to force some more uniqueness in queries to reduce the likelihood of spoofing attacks succeeding. Normally this should be hidden from the user by the resolver, but in some cases it can leak through. When it does, it can mess up ssh's CanonicalizePermittedCNAMEs. Fix this by forcing the name we received from the system resolver to lowercase. bz3966, report and fix by Martin D Kealey [1] https://datatracker.ietf.org/doc/html/draft-vixie-dnsext-dns0x20-00 OpenBSD-Commit-ID: e0b300d3b3af289e053d928380af71949f95bfb0
diff --git a/ssh.c b/ssh.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh.c,v 1.631 2026/05/31 04:24:39 djm Exp $ */
+/* $OpenBSD: ssh.c,v 1.632 2026/05/31 05:55:21 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -399,6 +399,7 @@ check_follow_cname(int direct, char **namep, const char *cname)
 		    "\"%s\" => \"%s\"", *namep, cname);
 		free(*namep);
 		*namep = xstrdup(cname);
+		lowercase(*namep);
 		return 1;
 	}
 	return 0;
