Only conditionally resolve hosts in nsm-should-check

Libraries like `socks' need to run `nsm-verify-connection' without performing DNS lookups. This change allows them to achieve this by binding `nsm-trust-local-network' to nil around calls to that function. * lisp/net/nsm.el (nsm-should-check): Rework in a functionally equivalent way, except forgo calling both `network-lookup-address-info' and `network-interface-list' unless the various conditions regarding `nsm-trust-local-network' are first satisfied. Replace `mapc' with `dolist' to align with modern sensibilities. (Bug#53941)
2022-02-14 02:36:57 -08:00 · 2022-02-14 02:36:57 -08:00 · 50deb59aae
commit 50deb59aae
parent 865b54e2ac
1 changed files with 12 additions and 21 deletions
--- a/lisp/net/nsm.el
+++ b/lisp/net/nsm.el
@ -226,27 +226,18 @@ If `nsm-trust-local-network' is or returns non-nil, and if the
 host address is a localhost address, or in the same subnet as one
 of the local interfaces, this function returns nil.  Non-nil
 otherwise."
-  (let ((addresses (network-lookup-address-info host))
-        (network-interface-list (network-interface-list t))
-        (off-net t))
-    (when
-     (or (and (functionp nsm-trust-local-network)
-              (funcall nsm-trust-local-network))
-         nsm-trust-local-network)
-     (mapc
-      (lambda (ip)
-        (mapc
-         (lambda (info)
-           (let ((local-ip (nth 1 info))
-                 (mask (nth 3 info)))
-             (when
-                 (nsm-network-same-subnet (substring local-ip 0 -1)
-                                          (substring mask 0 -1)
-                                          (substring ip 0 -1))
-               (setq off-net nil))))
-         network-interface-list))
-      addresses))
-     off-net))
+  (not (and-let* (((or (and (functionp nsm-trust-local-network)
+                            (funcall nsm-trust-local-network))
+                       nsm-trust-local-network))
+                  (addresses (network-lookup-address-info host))
+                  (network-interface-list (network-interface-list t)))
+         (catch 'nsm-should-check
+           (dolist (ip addresses)
+             (dolist (info network-interface-list)
+               (when (nsm-network-same-subnet (substring (nth 1 info) 0 -1)
+                                              (substring (nth 3 info) 0 -1)
+                                              (substring ip 0 -1))
+                 (throw 'nsm-should-check t))))))))

 (defun nsm-check-tls-connection (process host port status settings)
  "Check TLS connection against potential security problems.