openbsd-compat/getrrsetbyname.c: answer buffer size too large for EDNS0 and glibc

Damien Miller djm at mindrot.org
Wed Jul 1 22:22:41 EST 2009


On Tue, 30 Jun 2009, Darren Tucker wrote:

> Hauke Lampe wrote:
> > Hello.
> > 
> > I have an issue with SSHFP lookups using "VerifyHostKeyDNS=yes" and
> > "options edns0" in /etc/resolv.conf (glib >= 2.6).
> > 
> > 
> > getrrsetbyname() calls res_query() with a maximum buffer size of 65536.
> > The glibc resolver truncates this value to 16 bits, reducing the query's
> > advertised buffer size to 0.
> > 
> > BIND appears to ignore it while Unbound returns a server failure.
> > 
> > glibc's source suggests that it should retry the query without EDNS0 but
> > it does not. Maybe a timeout triggers earlier.
> > 
> > OpenSSH then logs "DNS lookup error: general failure" and continues.
> > 
> > I propose reducing ANSWER_BUFFER_SIZE to 65535. Of course, the
> > stub-resolver should probably catch this kind of problem, too.
> 
> Sounds reasonable to me.  Any objections?

No, but doesn't the glibc bug need to be fixed too? There is nothing in
the res_query(3) documentation that specifies integer overflow of the
length argument.

-d


More information about the openssh-unix-dev mailing list