
potential resolver vulnerability?



On the FreeBSD security mailing list they have released an advisory against a buffer overflow in the resolver.

http://docs.freebsd.org/cgi/getmsg.cgi?fetch=927832+0+current/freebsd-security

After looking over their patch:
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-02:28/resolv.patch 

I started playing around with porting it to OpenBSD, here's what I have so far:

resolver.patch

Apply by doing:
    cd /usr/src/lib/libc/net
    patch -p0 <resolver.patch
    cd /usr/src
    make build?
=======================================================================
--- gethostnamadr.c	Sun Feb 17 11:42:23 2002
+++ gethostnamadr.c	Wed Jun 26 13:44:17 2002
@@ -378,6 +378,7 @@
 				buflen -= nn;
 			}
 
+			buflen -= sizeof(align) - ((u_long)bp % sizeof(align));
 			bp += sizeof(align) - ((u_long)bp % sizeof(align));
 
 			if (bp + n >= &hostbuf[sizeof hostbuf]) {
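Review bot: the added `buflen -= ...` line in gethostnamadr.c repeats the padding expression from the `bp +=` line below it, so pointer and remaining length only stay in step as long as both copies are edited together; computing the padding once into a local and applying it to both `bp` and `buflen` would remove that risk. When `bp` is already aligned the expression evaluates to `sizeof(align)` rather than 0, so a full unit is charged against `buflen`; that matches what `bp` does, but nothing in the visible lines checks that `buflen` is still positive after the subtraction, and the bounds test that follows compares `bp + n` against `hostbuf` rather than using `buflen`. A check on `buflen` right after the decrement would make the new accounting enforce something.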
--- getnetnamadr.c	Sat Feb 16 13:27:23 2002
+++ getnetnamadr.c	Wed Jun 26 13:51:13 2002
@@ -201,7 +201,9 @@
 			}
 			cp += n; 
 			*ap++ = bp;
-			bp += strlen(bp) + 1;
+			n = strlen(bp) + 1;
+			bp += n;
+			buflen -= n;
 			net_entry.n_addrtype =
 				(class == C_IN) ? AF_INET : AF_UNSPEC;
 			haveanswer++;
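Review bot: `n` is reused for the string length right after the context line `cp += n;` used it for a different quantity, so after `n = strlen(bp) + 1;` any later code in this loop iteration that still expects the old value of `n` will see the name length instead; a separate local for the length would avoid that. The hunk also decrements `buflen` without testing it in the visible lines, so the subtraction only helps if `buflen` is checked before the next write through `bp`; confirm that such a check exists or add one here. `strlen` returns `size_t` and the declaration of `n` is not shown, so the types should be checked as well.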



Does this vulnerability affect the OpenBSD resolver, and if so am I even on the right track here? Considering that I know nothing of C programming I won't be surprised at all when people start telling me how fskd I am :).