Bug 16953

Summary: [PATCH] Fix argument overflow in dnsquery
Product: Base System Reporter: spock <spock>
Component: binAssignee: Kris Kennaway <kris>
Status: Closed FIXED    
Severity: Affects Only Me    
Priority: Normal    
Version: Unspecified   
Hardware: Any   
OS: Any   
Attachments:
Description Flags
file.diff none

Description spock 2000-02-24 06:30:01 UTC 
dnsquery doesn't check domain name length and will write past buffer.

Fix: Apply patch. Merged from OpenBSD.
How-To-Repeat: dnsquery -h [5120]
or dnsquery [5120]
Comment 1 Kris Kennaway freebsd_committer freebsd_triage 2000-08-04 23:57:59 UTC 
Responsible Changed
From-To: freebsd-bugs->kris

I'll take this one.
Comment 2 Kris Kennaway freebsd_committer freebsd_triage 2000-08-04 23:58:27 UTC 
State Changed
From-To: open->analyzed

I've submitted a derived patch back to the ISC for incorporation 
into the vendor code. Basically instead of using strlcpy() which 
is non-portable I check the strlen first and then use strcpy() if 
it's safe. Thanks!
Comment 3 Kris Kennaway freebsd_committer freebsd_triage 2000-08-23 10:27:20 UTC 
State Changed
From-To: analyzed->closed

The modified patch has been accepted by the ISC for 
inclusion in BIND 8.2.3, and has been imported into 
FreeBSD 5.0-CURRENT. I will merge it to 4.1-STABLE 
in a few days. 

Thanks for the patch!