openbsd-compat/getrrsetbyname.c: answer buffer size too large for EDNS0 and glibc
Damien Miller
djm at mindrot.org
Wed Jul 1 22:22:41 EST 2009
On Tue, 30 Jun 2009, Darren Tucker wrote:
> Hauke Lampe wrote:
> > Hello.
> >
> > I have an issue with SSHFP lookups using "VerifyHostKeyDNS=yes" and
> > "options edns0" in /etc/resolv.conf (glib >= 2.6).
> >
> >
> > getrrsetbyname() calls res_query() with a maximum buffer size of 65536.
> > The glibc resolver truncates this value to 16 bits, reducing the query's
> > advertised buffer size to 0.
> >
> > BIND appears to ignore it while Unbound returns a server failure.
> >
> > glibc's source suggests that it should retry the query without EDNS0 but
> > it does not. Maybe a timeout triggers earlier.
> >
> > OpenSSH then logs "DNS lookup error: general failure" and continues.
> >
> > I propose reducing ANSWER_BUFFER_SIZE to 65535. Of course, the
> > stub-resolver should probably catch this kind of problem, too.
>
> Sounds reasonable to me. Any objections?
No, but doesn't the glibc bug need to be fixed too? There is nothing in
the res_query(3) documentation that specifies integer overflow of the
length argument.
-d
More information about the openssh-unix-dev
mailing list