[uClibc 0001468]: Couple more bugs in gethostbyname() (patch attached)

bugs at busybox.net bugs at busybox.net
Sat Nov 1 23:37:29 UTC 2008


A NOTE has been added to this issue. 
====================================================================== 
http://busybox.net/bugs/view.php?id=1468 
====================================================================== 
Reported By:                vvv
Assigned To:                uClibc
====================================================================== 
Project:                    uClibc
Issue ID:                   1468
Category:                   Networking Support
Reproducibility:            always
Severity:                   major
Priority:                   normal
Status:                     assigned
====================================================================== 
Date Submitted:             08-21-2007 04:03 PDT
Last Modified:              11-01-2008 16:37 PDT
====================================================================== 
Summary:                    Couple more bugs in gethostbyname() (patch attached)
Description: 
The following bugs have been observed in gethostbyname():

1. gethostbyname() fails if the DNS server returns more than 23 addresses
(reported by me as 0001361)

2. gethostbyname() fails if the response from the DNS server is truncated
(i.e. the full response would contain more than 512 bytes). Such a situation
existed for a couple of days for vpn.corbina.net - DNS was returning 29
addresses.

3. The h_aliases[0] field of struct hostent points to a corrupted buffer
(the buffer is always overwritten by h_addr_list[0]).

The attached patch fixes the issue for uClibc-0.9.29. Note: this patch
makes my fixes of 0001361 redundant.
======================================================================
Relationships       ID      Summary
----------------------------------------------------------------------
has duplicate       0001361 gethostbyname() fails to resolve into m...
====================================================================== 

---------------------------------------------------------------------- 
 vda - 11-01-08 16:37  
---------------------------------------------------------------------- 
I committed some of your fixes. The biggest part which significantly alters
gethostbyname_r() is not applied, I want someone to review it first.
b.patch is a patch against today's svn.

Size:

    text           data     bss     dec     hex filename
-    748              0       0     748     2ec libc/inet/gethostbyname_r.o
+    641              0       0     641     281 libc/inet/gethostbyname_r.o

Test program:

#include <arpa/inet.h>  /* inet_ntop() */
#include <netdb.h>
#include <stdint.h>     /* uint32_t */
#include <stdio.h>
#include <sys/socket.h>
int main(int argc, char **argv) {
        char buf[1024];
        char **h_aliases;
        char **h_addr_list;
        struct hostent *h;
        /* argv[1] is the host name to resolve */
        if (argc < 2) {
                fprintf(stderr, "usage: %s hostname\n", argv[0]);
                return 1;
        }
        h = gethostbyname(argv[1]);
        if (!h) {
                printf("NULL! h_errno:%d (%s)\n", h_errno, hstrerror(h_errno));
                return 0;
        }
        printf("h_name:'%s'\n", h->h_name);
        printf("h_length:%d\n", h->h_length);
        printf("h_addrtype: %x %s\n", h->h_addrtype,
                h->h_addrtype == AF_INET ? "AF_INET" :
                h->h_addrtype == AF_INET6 ? "AF_INET6" :
                "???"
        );
        /* every alias should be a printable host name */
        h_aliases = h->h_aliases;
        while (*h_aliases)
                printf("alias:'%s'\n", *h_aliases++);
        /* print the first 32 bits of each address and its text form */
        h_addr_list = h->h_addr_list;
        while (*h_addr_list) {
                printf("addr: 0x%08x '%s'\n", (unsigned) *(uint32_t*)*h_addr_list,
                        inet_ntop(h->h_addrtype, *h_addr_list, buf, sizeof(buf)));
                h_addr_list++;
        }
        return 0;
}

Before patch:

# ./test cnn.com
h_name:'cnn.com'
h_length:4
h_addrtype:AF_INET
alias:'²╕Б²╕Ю▒²╕БЛ▒'
addr: 0x1ae2a69d '157.166.226.26'
addr: 0x19e0a69d '157.166.224.25'
addr: 0x1ae0a69d '157.166.224.26'
addr: 0x19e2a69d '157.166.226.25'

After patch:

# ./test cnn.com
h_name:'cnn.com'
h_length:4
h_addrtype: 2 AF_INET
alias:'cnn.com'
addr: 0x19e2a69d '157.166.226.25'
addr: 0x1ae2a69d '157.166.226.26'
addr: 0x19e0a69d '157.166.224.25'
addr: 0x1ae0a69d '157.166.224.26' 

Issue History 
Date Modified   Username       Field                    Change               
====================================================================== 
08-21-07 04:03  vvv            New Issue                                    
08-21-07 04:03  vvv            Status                   new => assigned     
08-21-07 04:03  vvv            Assigned To               => uClibc          
08-21-07 04:03  vvv            File Added: resolv.patch                     
09-29-08 06:37  bernhardf      Relationship added       has duplicate 0001361
11-01-08 16:33  vda            File Added: b.patch                          
11-01-08 16:37  vda            Note Added: 0014814                          
======================================================================
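
Bug 3 in the description (h_aliases[0] sharing its buffer with h_addr_list[0]) can be checked mechanically instead of by reading the printed alias. The following is an added example, not code from the bug report or from uClibc; the function names, the 1025-byte scan bound and the sample hostent are assumptions constructed for illustration, and it assumes the corruption shows up as an alias pointer landing in the storage of an address entry.

```c
#include <netdb.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>

#define ALIAS_MAX 1025 /* assumed bound on a host name, including its NUL */

/* Bytes in s up to and including its NUL, never scanning past ALIAS_MAX. */
static size_t bounded_len(const char *s)
{
    size_t n = 0;
    while (n < ALIAS_MAX && s[n++] != '\0')
        ;
    return n;
}

/* 1 if an alias string shares bytes with an address entry, 0 if not, -1 on bad input. */
int hostent_alias_overlaps_addr(const struct hostent *h)
{
    if (!h || !h->h_aliases || !h->h_addr_list || h->h_length <= 0)
        return -1;
    for (char **al = h->h_aliases; *al; al++) {
        uintptr_t as = (uintptr_t)*al, ae = as + bounded_len(*al);
        for (char **ad = h->h_addr_list; *ad; ad++) {
            uintptr_t ds = (uintptr_t)*ad, de = ds + (size_t)h->h_length;
            if (as < de && ds < ae)
                return 1;
        }
    }
    return 0;
}

/* Constructed sample; shared != 0 points the alias at the address bytes (bug 3). */
int check_constructed(int shared)
{
    char buf[64] = "cnn.com";                /* name at offset 0, rest zeroed */
    memcpy(buf + 32, "\x9d\xa6\xe2\x19", 4); /* 157.166.226.25 at offset 32 */
    char *aliases[] = { shared ? buf + 32 : buf, NULL };
    char *addrs[] = { buf + 32, NULL };
    struct hostent h = { .h_name = buf, .h_aliases = aliases,
                         .h_addrtype = AF_INET, .h_length = 4, .h_addr_list = addrs };
    return hostent_alias_overlaps_addr(&h);
}

int main(void)
{
    printf("separate: %d, shared: %d\n", check_constructed(0), check_constructed(1));
    return 0;
}
```

Calling hostent_alias_overlaps_addr() on the result of gethostbyname() in the test program above turns the "Before patch" symptom into a non-zero return value that a regression test can fail on.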



