openbsd-compat/getrrsetbyname.c: answer buffer size too large for EDNS0 and glibc
Hauke Lampe
list+opensshdev at hauke-lampe.de
Sat Jul 4 01:47:54 EST 2009
Damien Miller wrote:
> No, but doesn't the glibc bug need to be fixed too? There is nothing in
> the res_query(3) documentation that specifies integer overflow of the
> length argument.
I agree. If larger buffers are allowed in res_* arguments, the library
should cap EDNS0 buffer size at 65535.
Until a fix for this reaches main distributions, getrrsetbyname should
work around it, though, IMHO.
I took this to the glibc maintainer and Ubuntu:
http://sources.redhat.com/bugzilla/show_bug.cgi?id=10360
https://bugs.launchpad.net/ubuntu/+source/glibc/+bug/395196
Hauke.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 197 bytes
Desc: OpenPGP digital signature
URL: <http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20090703/39619cf9/attachment.bin>
More information about the openssh-unix-dev
mailing list