potential resolver vulnerability?
- To: misc_(_at_)_openbsd_(_dot_)_org
- Subject: potential resolver vulnerability?
- From: John Miller <johnm_(_at_)_CHI-LLC_(_dot_)_com>
- Date: Wed, 26 Jun 2002 14:35:04 -0700
On the FreeBSD security mailing list they have released an advisory against a buffer overflow in the resolver.
http://docs.freebsd.org/cgi/getmsg.cgi?fetch=927832+0+current/freebsd-security
After looking over their patch:
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-02:28/resolv.patch
I started playing around with porting it to OpenBSD. Here's what I have so far:
resolver.patch
Apply by doing:
cd /usr/src/lib/libc/net
patch -p0 <resolver.patch
cd /usr/src
make build?
=======================================================================
--- gethostnamadr.c Sun Feb 17 11:42:23 2002
+++ gethostnamadr.c Wed Jun 26 13:44:17 2002
@@ -378,6 +378,7 @@
buflen -= nn;
}
+ buflen -= sizeof(align) - ((u_long)bp % sizeof(align));
bp += sizeof(align) - ((u_long)bp % sizeof(align));
if (bp + n >= &hostbuf[sizeof hostbuf]) {
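Review bot: the added `buflen -= sizeof(align) - ((u_long)bp % sizeof(align));` is not followed by any check on the result, and the bounds test right after it, `if (bp + n >= &hostbuf[sizeof hostbuf])`, compares pointers and never consults buflen. When bp is already aligned the expression evaluates to sizeof(align) rather than 0, so a full pad is always subtracted. Suggest computing the pad once into a local, applying that one value to both bp and buflen, and failing out if the pad exceeds what is left, so buflen cannot go below zero (or wrap, if it is unsigned; its declaration is not visible in this hunk).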
--- getnetnamadr.c Sat Feb 16 13:27:23 2002
+++ getnetnamadr.c Wed Jun 26 13:51:13 2002
@@ -201,7 +201,9 @@
}
cp += n;
*ap++ = bp;
- bp += strlen(bp) + 1;
+ n = strlen(bp) + 1;
+ bp += n;
+ buflen -= n;
net_entry.n_addrtype =
(class == C_IN) ? AF_INET : AF_UNSPEC;
haveanswer++;
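Review bot: `buflen -= n;` runs after the name is already in place at bp (`*ap++ = bp;`), and nothing in the hunk tests buflen afterwards, so the counter is kept in step but a result below zero would pass unnoticed here. The hunk also reuses n: it was just consumed by `cp += n;` and is now overwritten with strlen(bp) + 1. Either confirm that nothing later in the loop still expects the earlier value of n, or use a separate local for the string length.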
Does this vulnerability affect the OpenBSD resolver, and if so am I even on the right track here? Considering that I know nothing of C programming I won't be surprised at all when people start telling me how fskd I am :).