From owner-cvs-all Mon Nov 27 14: 8:51 2000 Delivered-To: cvs-all@freebsd.org Received: from citusc17.usc.edu (citusc17.usc.edu [128.125.38.177]) by hub.freebsd.org (Postfix) with ESMTP id A010937B479; Mon, 27 Nov 2000 14:08:45 -0800 (PST) Received: (from kris@localhost) by citusc17.usc.edu (8.11.1/8.11.1) id eARM9ZL66631; Mon, 27 Nov 2000 14:09:35 -0800 (PST) (envelope-from kris) Date: Mon, 27 Nov 2000 14:09:34 -0800 From: Kris Kennaway To: "Rodney W. Grimes" Cc: cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org Subject: Re: cvs commit: src/usr.sbin/cron/cron cron.h Message-ID: <20001127140934.A66576@citusc17.usc.edu> References: <20001127124505.A65167@citusc17.usc.edu> <200011272106.NAA37476@gndrsh.dnsmgr.net> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-md5; protocol="application/pgp-signature"; boundary="pWyiEgJYm5f9v55/" Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <200011272106.NAA37476@gndrsh.dnsmgr.net>; from freebsd@gndrsh.dnsmgr.net on Mon, Nov 27, 2000 at 01:06:13PM -0800 Sender: owner-cvs-all@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG --pWyiEgJYm5f9v55/ Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Mon, Nov 27, 2000 at 01:06:13PM -0800, Rodney W. Grimes wrote: > > On Mon, Nov 27, 2000 at 12:18:10PM -0800, Rodney W. Grimes wrote: > > > > kris 2000/11/26 14:21:40 PST > > > >=20 > > > > Modified files: > > > > usr.sbin/cron/cron cron.h=20 > > > > Log: > > > > Correct definition of MAXHOSTNAMELEN in ifdef'ed out code > > >=20 > > > I actaully was ignoring these until it hit me, your actually probably > > > breaking the purpose of these. Old systems that didn't have MAXHOSTN= AMELEN > > > defined in system headers had a 64 byte length for this. I suspect i= f one > > > takes this code after your ``Correction'' and compiles it on one of t= hese > > > systems a buffer overflow condition could easily be triggered. > >=20 > > I'm making the buffers larger, not smaller. >=20 > Which is fine for old code returing values to new code, but new code > passing values to old code is passing values longer than the old codes > buffer. And that old code is probably riddled with strcpy's and such. There are no 64-byte buffers! > > If ths code were to be compiled on a system which has the definition > > of MAXHOSTNAMELEN in a nonstandard place (so it isn't #included by the > > code) but it has a DNS resolver which is RFC-compliant and capable of > > returning hostnames up to 255 octets long, then there would be a > > buffer overflow when it tries to store the result in a 64-byte buffer. >=20 > And conversely if it has an old non-compliant resolver passing it a > 255 byte hostname is going to overflow the 64-byte buffer. Passing from where? Where does it obtain the long hostname from, if not the resolver? I don't think you've thought this through properly. Kris --pWyiEgJYm5f9v55/ Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.4 (FreeBSD) Comment: For info see http://www.gnupg.org iEYEARECAAYFAjoi254ACgkQWry0BWjoQKUsKwCgsgwyFmWdxcPU7KJU9M+duoNi yvEAoL7V3d+zu94pVPT5r5NpWBufyE9G =XLgO -----END PGP SIGNATURE----- --pWyiEgJYm5f9v55/-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe cvs-all" in the body of the message