Date: Thu, 4 Oct 2001 12:16:40 +0300
From: Peter Pentchev <roam@ringlet.net>
To: freebsd-net@FreeBSD.org
Cc: freebsd-audit@FreeBSD.org
Subject: [CFR] whois(1) out-of-bound access patch
Message-ID: <20011004121640.C1959@ringworld.oblivion.bg>
Hi,
As described in PR bin/30968, whois(1) may access invalid data when
the whois server returns a non-newline-terminated string.
While it is true that the whois server maintainers should do a better
job of following standards and such, still the 'be liberal in what
you accept' mindset might be applied in this case, to fix what is
ultimately a subtle fgetln(3) use bug :)
Any harm in committing the attached patch? And this - or something
like this - should be done soon; all FreeBSD whois clients currently
display weird behavior when querying .biz domains :\
G'luck,
Peter
--
because I didn't think of a good beginning of it.
Index: src/usr.bin/whois/whois.c
===================================================================
RCS file: /home/ncvs/src/usr.bin/whois/whois.c,v
retrieving revision 1.24
diff -u -r1.24 whois.c
--- src/usr.bin/whois/whois.c 2001/08/05 19:37:12 1.24
+++ src/usr.bin/whois/whois.c 2001/10/04 14:03:33
@@ -51,6 +51,7 @@
#include <arpa/inet.h>
#include <ctype.h>
#include <err.h>
+#include <errno.h>
#include <netdb.h>
#include <stdarg.h>
#include <stdio.h>
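Review bot: the code added further down calls calloc(), memcpy() and free(), but the include context visible here ends at <stdio.h>, so check that <stdlib.h> and <string.h> are already pulled in below this hunk. <errno.h> is needed only for the "errno = ENOMEM;" assignment in the loop; if that assignment is dropped, this include can go with it.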
@@ -251,7 +252,7 @@
{
FILE *sfi, *sfo;
struct addrinfo *res2;
- char *buf, *nhost, *p;
+ char *abuf, *buf, *nhost, *p;
int i, nomatch, s;
size_t len;
@@ -275,6 +276,16 @@
nhost = NULL;
nomatch = 0;
while ((buf = fgetln(sfi, &len)) != NULL) {
+ abuf = NULL;
+ if ((len == 0) || !isspace(buf[len - 1])) {
+ abuf = calloc(1, len + 1);
+ if (abuf == NULL) {
+ errno = ENOMEM;
+ err(1, "reallocating");
+ }
+ memcpy(abuf, buf, len);
+ buf = abuf;
+ }
while (len && isspace(buf[len - 1]))
buf[--len] = '\0';
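Review bot: in the added test "!isspace(buf[len - 1])", buf is a plain char pointer and its contents come from the remote whois server, so a byte of 0x80 or above reaches isspace() as a negative value wherever char is signed; cast to unsigned char here (the stripping loop in the context lines below has the same issue). Two smaller points in the error path: calloc() is specified by POSIX to set errno to ENOMEM on failure, so "errno = ENOMEM;" should be redundant, and the message "reallocating" does not match what is done, since this is a fresh calloc() and not a realloc(). A short comment above the copy saying why it exists would also help: the line from fgetln() is not NUL-terminated, and a line with no trailing whitespace leaves no in-bounds byte for the terminator.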
@@ -304,6 +315,7 @@
nomatch = 1;
}
printf("%s\n", buf);
+ free(abuf);
}
/* Do second lookup as needed. */
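Review bot: free(abuf) sits at the very bottom of the loop body, so it runs only when the iteration falls through past the printf(); the lines between the copy and this hunk are not shown, and any continue or break among them would leak the copy, so check those paths or free on each exit. Also confirm that nothing kept across iterations (nhost, for instance) points into buf, since such a pointer would dangle after this free whenever abuf was in use.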
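The pitfall discussed in the message above, as an added example that is not part of the original post or of the FreeBSD source: fgetln(3) returns len bytes with no terminating NUL, so code that strips trailing whitespace and then prints with %s needs a copy with room for the terminator. next_line() and line_dup_stripped() are hypothetical helpers; next_line() stands in for fgetln() over a constructed in-memory reply so the example builds without BSD libc.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Stand-in for fgetln(3) over an in-memory reply: returns a pointer to the
 * next line and its length. The bytes are NOT NUL-terminated, and the last
 * line carries no '\n' if the server did not send one. */
static const char *next_line(const char **cur, const char *end, size_t *len)
{
	const char *start = *cur, *nl;
	if (start >= end)
		return NULL;
	nl = memchr(start, '\n', (size_t)(end - start));
	*cur = (nl != NULL) ? nl + 1 : end;
	*len = (size_t)(*cur - start);
	return start;
}

/* Copy len bytes into a fresh len + 1 byte buffer, then strip trailing
 * whitespace. Every write stays inside the copy, whatever the line ends in. */
static char *line_dup_stripped(const char *buf, size_t len)
{
	char *s = malloc(len + 1);
	if (s == NULL)
		return NULL;
	memcpy(s, buf, len);
	s[len] = '\0';
	/* Cast: reply bytes come from the network and may be >= 0x80. */
	while (len > 0 && isspace((unsigned char)s[len - 1]))
		s[--len] = '\0';
	return s;
}

int main(void)
{
	/* Constructed reply; the final line is not newline-terminated. */
	static const char reply[] = "Domain Name: EXAMPLE.BIZ\r\nStatus: ok";
	const char *cur = reply, *end = reply + sizeof(reply) - 1, *buf;
	size_t len;
	char *line;
	while ((buf = next_line(&cur, end, &len)) != NULL) {
		if ((line = line_dup_stripped(buf, len)) == NULL)
			return 1;
		printf("%s\n", line);
		free(line);
	}
	return 0;
}
```

Unlike the patch, this version copies every line and does not limit the copy to lines that lack trailing whitespace, trading one allocation per line for a single code path.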
