Bug 18221

Summary: DNS resolver can fail for large DNS responses
Product: Base System
Reporter: john <john>
Component: bin
Assignee: Doug Barton <dougb>
Status: Closed FIXED    
Severity: Affects Only Me    
Priority: Normal    
Version: 3.4-STABLE   
Hardware: Any   
OS: Any   
Attachments:
Description Flags
file.diff none

Description john 2000-04-26 06:30:02 UTC
	The file /usr/src/lib/libc/net/gethostbydns.c can fail to
	resolve a name if the DNS response is very large. A small
	patch was made a little while ago to prevent a buffer overrun
	from occurring, however this patch prevents all DNS responses.

	The following patch causes a partial result to be returned
	that is limited to the size of the static buffer. This is
	preferable to the current situation of not returning anything.

How-To-Repeat: 
	Do an nslookup on any DNS name that has enough results to
	overflow a 1024 byte buffer.
Comment 1 Bill Fenner 2000-04-26 16:08:32 UTC
I didn't return the truncated response because I was worried about
whether all the relevant functions handled truncated responses.
Have you checked this?

>@@ -666,7 +669,6 @@
> 	}
> 	if (n > sizeof buf.buf) {
> 		dprintf("static buffer is too small (%d)\n", n);
>-		return (NULL);
> 	}
> 	if (!(hp = gethostanswer(&buf, n, qbuf, T_PTR)))
> 		return (NULL);	/* h_errno was set by gethostanswer() */
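
Review bot: With `return (NULL);` removed, the `if (n > sizeof buf.buf)` branch only logs and then falls through to `gethostanswer(&buf, n, qbuf, T_PTR)` with `n` still larger than the buffer, so the callee is handed a length that exceeds the storage it describes. Clamp inside the branch, for example `n = sizeof buf.buf;` after the `dprintf`, and note in a comment that the answer may then be partial.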

Didn't you just reintroduce the buffer overrun?  (e.g. you at least want
to truncate n to sizeof buf.buf)

  Bill
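
The clamp raised in the comment above, together with a record walk that tolerates the resulting partial answer, as an added example that is not part of the original report and is not code from gethostbydns.c. `ANSBUF`, `fake_query`, `skip_name` and `count_answers` are hypothetical names, and the response bytes are constructed sample data.

```c
#include <stddef.h>
#include <string.h>
#define ANSBUF 64   /* small stand-in for the report's 1024-byte static buffer */

/* Constructed stub (hypothetical): builds a 99-byte response holding 5 A
 * records, copies only what fits, and returns the full length. */
static int fake_query(unsigned char *buf, size_t buflen)
{
    unsigned char r[99] = {0};
    size_t off = 19, i;
    r[5] = 1; r[7] = 5;                  /* QDCOUNT = 1, ANCOUNT = 5 */
    r[12] = 1; r[13] = 'x';              /* QNAME "x"; r[14] is the root label */
    r[16] = 1; r[18] = 1;                /* QTYPE A, QCLASS IN */
    for (i = 0; i < 5; i++, off += 16) {
        r[off] = 0xC0; r[off + 1] = 12;  /* owner name: pointer to offset 12 */
        r[off + 3] = 1; r[off + 5] = 1;  /* TYPE A, CLASS IN */
        r[off + 11] = 4; r[off + 12] = 192; r[off + 14] = 2; /* RDLENGTH, RDATA */
    }
    memcpy(buf, r, buflen < sizeof r ? buflen : sizeof r);
    return (int)sizeof r;
}

/* Step over one name without reading at or past end; NULL if it is cut off. */
static const unsigned char *skip_name(const unsigned char *p, const unsigned char *end)
{
    for (; p < end; p += *p + 1) {
        if (*p == 0) return p + 1;
        if ((*p & 0xC0) == 0xC0) return end - p >= 2 ? p + 2 : NULL;
        if (end - p < *p + 1) return NULL;
    }
    return NULL;
}

/* Count complete answer records in the stored bytes; -1 if the header or question is cut. */
static int count_answers(const unsigned char *msg, int n, size_t bufsize)
{
    const unsigned char *p, *q, *end;
    int qd, an, rdlen, found = 0;
    if ((size_t)n > bufsize) n = (int)bufsize;  /* clamp to the storage size */
    if (n < 12) return -1;
    end = msg + n;
    qd = (msg[4] << 8) | msg[5]; an = (msg[6] << 8) | msg[7];
    for (p = msg + 12; qd > 0; qd--, p += 4)
        if ((p = skip_name(p, end)) == NULL || end - p < 4) return -1;
    for (; an > 0; an--, found++, p = q + 10 + rdlen) {
        if ((q = skip_name(p, end)) == NULL || end - q < 10) break;
        rdlen = (q[8] << 8) | q[9];
        if (end - q - 10 < rdlen) break;        /* record crosses the end */
    }
    return found;
}
```

With the 64-byte buffer the header still announces five answers, but only the two that lie wholly inside the stored bytes are counted.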
Comment 2 Doug Barton freebsd_committer freebsd_triage 2001-02-04 05:26:15 UTC
State Changed
From-To: open->feedback


Can you test this problem with an up to date -current or -stable and report 
your findings please? 


Comment 3 Doug Barton freebsd_committer freebsd_triage 2001-02-04 05:26:15 UTC
Responsible Changed
From-To: freebsd-bugs->dougb


I'll handle the feedback.
Comment 4 Doug Barton freebsd_committer freebsd_triage 2001-03-05 06:22:41 UTC
State Changed
From-To: feedback->closed


Feedback timeout.