gethostbyname errata

Mon, 17 Nov 2014 12:26:44 -0800 

Due to a bug in the libc asr resolver, querying an invalid hostname can
cause a crash. Patches are available for 5.5 and 5.6.

untrusted comment: signature from openbsd 5.6 base private key
RWR0EANmo9nqhl31oIXbJYtUWXNHHNzHGhJ+v2XZAAlwH5TwYDkTp2NHqjhnrJayp37glapQejDsm/LDGm1M5bnpkmHh7FGNGQ4=

OpenBSD 5.6 errata 8, Nov 17, 2014:  Querying an invalid hostname with
gethostbyname(3) could cause a NULL deref.

Apply patch using:

    signify -Vep /etc/signify/openbsd-56-base.pub -x 008_asr.patch.sig \
        -m - | (cd /usr/src && patch -p0)

Then build and install libc

    cd /usr/src/lib/libc
    make obj
    make depend
    make
    make install

Also recompile any statically-linked binaries:

    cd /usr/src/bin
    make obj
    make depend
    make
    make install

    cd /usr/src/sbin
    make obj
    make depend
    make
    make install

Index: lib/libc/asr/gethostnamadr_async.c
===================================================================
RCS file: /cvs/src/lib/libc/asr/gethostnamadr_async.c,v
retrieving revision 1.30
diff -u -p -r1.30 gethostnamadr_async.c
--- lib/libc/asr/gethostnamadr_async.c  23 Jul 2014 21:26:25 -0000      1.30
+++ lib/libc/asr/gethostnamadr_async.c  6 Nov 2014 13:00:40 -0000
@@ -357,13 +357,12 @@ gethostnamadr_async_run(struct asr_query
                }
 
                /*
-                * No address found in the dns packet. The blocking version
-                * reports this as an error.
+                * No valid hostname or address found in the dns packet.
+                * Ignore it.
                 */
                if ((as->as_type == ASR_GETHOSTBYNAME &&
                     h->h.h_addr_list[0] == NULL) ||
-                   (as->as_type == ASR_GETHOSTBYADDR &&
-                    h->h.h_name == NULL)) {
+                   h->h.h_name == NULL) {
                        free(h);
                        async_set_state(as, ASR_STATE_NEXT_DB);
                        break;
Index: lib/libc/asr/getnetnamadr_async.c
===================================================================
RCS file: /cvs/src/lib/libc/asr/getnetnamadr_async.c,v
retrieving revision 1.16
diff -u -p -r1.16 getnetnamadr_async.c
--- lib/libc/asr/getnetnamadr_async.c   23 Jul 2014 21:26:25 -0000      1.16
+++ lib/libc/asr/getnetnamadr_async.c   6 Nov 2014 13:00:40 -0000
@@ -239,11 +239,11 @@ getnetnamadr_async_run(struct asr_query 
                        n->n.n_net = as->as.netnamadr.addr;
 
                /*
-                * No address found in the dns packet. The blocking version
-                * reports this as an error.
+                * No valid hostname or address found in the dns packet.
+                * Ignore it.
                 */
-               if (as->as_type == ASR_GETNETBYNAME && n->n.n_net == 0) {
-                        /* XXX wrong */
+               if ((as->as_type == ASR_GETNETBYNAME && n->n.n_net == 0) ||
+                   n->n.n_name == NULL) {
                        free(n);
                        async_set_state(as, ASR_STATE_NEXT_DB);
                        break;

Reply via email to