Package: nstx
Version: 1.1-beta6-2.1
Severity: important
Tags: patch

I recently tested nstx, trying to prepare an emergency tunnel for my
laptop.  I ran into an annoying problem with the server crashing when I
tested it using 'host tun-domain.somewhere.org'.  It crashes in
lbl2data() because realloc() returns NULL, and this can't be used as a
pointer.  I tracked down the real problem, and this is in
dns_fqdn2data().

The problem is that the suffix and the fqdn are identical.  This leads
to a call to lbl2data(fqdn, 0), and using realloc(buf, 0) returns NULL.

The fix is to make sure only fqdn entries with some data in them are
passed on to lbl2data().  This patch fixed this crash problem.

I inserted an assert() to make sure it crashed in a controlled fashion
when realloc() returned NULL, made sure buf was NULL at the start, and
made sure not to call lbl2data if the length was 0.

diff -ur nstx-1.1-beta6/nstx_dns.c nstx-1.1-beta6-pere/nstx_dns.c
--- nstx-1.1-beta6/nstx_dns.c   Tue May  3 16:00:38 2005
+++ nstx-1.1-beta6-pere/nstx_dns.c Tue May  3 15:49:59 2005
@@ -6,6 +6,7 @@
 #include <fcntl.h>
 #include <syslog.h>
 #include <unistd.h>
+#include <assert.h>

 #include "nstxfun.h"
 #include "nstxdns.h"
@@ -183,13 +184,13 @@
 static const unsigned char *
 lbl2data (const unsigned char *data, size_t len)
 {
-   static signed char *buf;
+   static signed char *buf = NULL;
    const unsigned char *s = data;
    signed char *d;
    signed int llen;

    d = buf = realloc(buf, len);
-
+   assert(d);
    do
      {
   llen = *s++;
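
Review bot: assert(d) directly after "d = buf = realloc(buf, len);" turns an allocation failure into an abort of the server, and it is compiled out entirely when the build defines NDEBUG, so it does not replace error handling. Suggest checking the result and returning NULL so the caller can test it before passing it to strdup(), and assigning realloc()'s result to a temporary so the old buf is not lost on failure. The "= NULL" initialiser on the static is harmless but redundant, since static storage is zero-initialised.
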
@@ -336,7 +337,8 @@
      free(buf);

    off = strstr(fqdn, suffix);
-   if (off)
+   /* only parse if the fqdn was found, and there is more than the fqdn */
+   if (off && off != fqdn)
   buf = strdup((char*)lbl2data((unsigned char*)fqdn, off - fqdn));
    else
   /* Our suffix not found... */
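
Review bot: with "off != fqdn" added to the condition, a name that is exactly the suffix now takes the else branch commented "Our suffix not found...", which is not what happened; please confirm that branch is correct for this case and adjust its comment. The new comment also says "the fqdn was found" where it means the suffix. Separately, strstr() returns the first occurrence of suffix anywhere in fqdn, so off is not guaranteed to point at the trailing suffix; an end-anchored comparison would be stricter.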


-- System Information
Debian Release: 3.0
Architecture: i386
Kernel: Linux developer.skolelinux.no 2.4.27 #1 SMP Sat Oct 23 14:01:01 CEST 2004 i686
Locale: LANG=C, LC_CTYPE=C

Versions of packages nstx depends on:
ii  adduser                       3.47       Add and remove users and groups
ii  libc6                         2.2.5-11.8 GNU C Library: Shared libraries an
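
The zero-length case described in the report, as an added example that is not part of the original report or of nstx: a stand-alone C sketch that separates the data part of a query name from the tunnel suffix, rejects a name equal to the suffix before any allocation, and reports allocation failure to the caller instead of aborting. It goes beyond the patch by requiring the suffix at the end of the name; extract_payload(), the status codes and the sample names are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Status codes and function name are hypothetical, not taken from nstx. */
enum payload_status { PAYLOAD_OK, PAYLOAD_NO_SUFFIX, PAYLOAD_EMPTY, PAYLOAD_NOMEM };

/*
 * Copy the part of fqdn that precedes suffix into a new NUL-terminated
 * buffer (*out, to be freed by the caller). The suffix must match at the
 * END of fqdn, which is stricter than a strstr() first-match search.
 * The label separator before the suffix is left in the copied data.
 */
enum payload_status
extract_payload(const char *fqdn, const char *suffix, char **out)
{
    size_t flen = strlen(fqdn), slen = strlen(suffix), plen;
    char *copy;

    *out = NULL;
    if (slen == 0 || slen > flen || strcmp(fqdn + (flen - slen), suffix) != 0)
        return PAYLOAD_NO_SUFFIX;

    plen = flen - slen;
    if (plen == 0)               /* fqdn == suffix: the query from the report */
        return PAYLOAD_EMPTY;    /* never reach a zero-byte allocation */

    copy = malloc(plen + 1);
    if (copy == NULL)            /* report the failure, do not abort */
        return PAYLOAD_NOMEM;
    memcpy(copy, fqdn, plen);
    copy[plen] = '\0';
    *out = copy;
    return PAYLOAD_OK;
}

int main(void)
{
    /* Constructed sample names; tun.example.org stands in for the tunnel domain. */
    const char *names[] = { "abc123.tun.example.org", "tun.example.org",
                            "www.example.net" };
    for (size_t i = 0; i < sizeof names / sizeof names[0]; i++) {
        char *p;
        enum payload_status st = extract_payload(names[i], "tun.example.org", &p);
        printf("%-24s status=%d data=%s\n", names[i], (int)st, p ? p : "(none)");
        free(p);
    }
    return 0;
}
```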

