From owner-freebsd-bugs Thu Dec 24 08:40:14 1998
Return-Path:
Received: (from majordom@localhost)
        by hub.freebsd.org (8.8.8/8.8.8) id IAA21640
        for freebsd-bugs-outgoing; Thu, 24 Dec 1998 08:40:14 -0800 (PST)
        (envelope-from owner-freebsd-bugs@FreeBSD.ORG)
Received: from freefall.freebsd.org (freefall.FreeBSD.ORG [204.216.27.21])
        by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id IAA21633
        for ; Thu, 24 Dec 1998 08:40:11 -0800 (PST)
        (envelope-from gnats@FreeBSD.org)
Received: (from gnats@localhost)
        by freefall.freebsd.org (8.8.8/8.8.5) id IAA25704;
        Thu, 24 Dec 1998 08:40:01 -0800 (PST)
Received: from jade.chc-chimes.com (jade.chc-chimes.com [206.67.97.83])
        by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id IAA20947
        for ; Thu, 24 Dec 1998 08:36:04 -0800 (PST)
        (envelope-from billf@jade.chc-chimes.com)
Received: (from billf@localhost)
        by jade.chc-chimes.com (8.8.8/8.8.8) id LAA02647;
        Thu, 24 Dec 1998 11:36:28 -0500 (EST)
        (envelope-from billf)
Message-Id: <199812241636.LAA02647@jade.chc-chimes.com>
Date: Thu, 24 Dec 1998 11:36:28 -0500 (EST)
From: Bill Fumerola
Reply-To: billf@jade.chc-chimes.com
To: FreeBSD-gnats-submit@FreeBSD.ORG
X-Send-Pr-Version: 3.2
Subject: bin/9186: host(1) dumps core when improper arguments are passed
Sender: owner-freebsd-bugs@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

>Number:         9186
>Category:       bin
>Synopsis:       host(1) dumps core when improper arguments are passed
>Confidential:   yes
>Severity:       non-critical
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          open
>Quarter:
>Keywords:
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Thu Dec 24 08:40:00 PST 1998
>Last-Modified:
>Originator:     Bill Fumerola and Ben Olson
>Organization:   Computer Horizons Corp
>Release:        FreeBSD 2.2.7-STABLE i386
>Environment:

This bug affects all releases of FreeBSD.

>Description:

host(1) does not check integers when passed to its '-t' argument.

The error seems to be in the parsetype() function. The atoi(s) portion
of the function will return whatever number that was given to
parsetype() even if it is invalid. A string will be checked by
sym_ston() (from the libresolv) and if invalid, will eventually return
an improper query type. Eventually the wrong constant from -t will be
used, and the command will core out.

Also the code assumes that -t has its child argument follow it. Even
if this is not the case it will still decrement the argument counter
"c". This also causes segmentation faults, as host(1) tries to read an
argument that does not exist.

Finally, host(1) assumes that if an argument follows the '-t' option,
then a host will also follow, which isn't always the case; this also
results in a core.

>How-To-Repeat:

$ host -t foo
Invalid query type: foo
$ host -t 100
Segmentation fault
$ host -t a
Segmentation fault
$ host -t a 206.67.97.83
Name: jade.chc-chimes.com
Address: 206.67.97.83
Aliases:

>Fix:

Some error checking code needs to be implemented in the main() code
that reads arguments. Sanity checking code in parseclass() (and
probably parsetype()) needs to be added.

>Audit-Trail:
>Unformatted:
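The three checks the report asks for (validating a numeric type, requiring a value after -t, and requiring a host after the options), as an added example that is not part of the original report and is not FreeBSD's host(1) source. The names parse_qtype() and parse_args() are hypothetical, and the small type table is constructed to stand in for the resolver's symbol table.

```c
#include <ctype.h>
#include <errno.h>
#include <stdlib.h>
#include <string.h>
#include <strings.h>

/* Constructed subset of DNS query types (assumption: stands in for the resolver's table). */
static const struct { const char *name; int num; } qtypes[] = {
    {"a", 1}, {"ns", 2}, {"cname", 5}, {"soa", 6},
    {"ptr", 12}, {"mx", 15}, {"txt", 16}, {"any", 255},
};
#define NQTYPES (sizeof(qtypes) / sizeof(qtypes[0]))

/* Hypothetical helper: returns the type number, or -1 if s is not a known name or number. */
int parse_qtype(const char *s)
{
    char *end;
    long n;
    size_t i;
    int numeric;

    if (s == NULL || *s == '\0')
        return -1;
    errno = 0;
    n = strtol(s, &end, 10);
    /* Unlike atoi(), treat s as a number only if every character was a digit. */
    numeric = isdigit((unsigned char)*s) && *end == '\0' && errno == 0;
    for (i = 0; i < NQTYPES; i++)
        if (numeric ? n == qtypes[i].num : strcasecmp(s, qtypes[i].name) == 0)
            return qtypes[i].num;
    return -1;                        /* unknown name or unlisted number such as 100 */
}

/* Hypothetical helper: returns 0 and fills *qtype and *host, or -1 on a malformed line. */
int parse_args(int argc, char **argv, int *qtype, const char **host)
{
    int i = 1;

    *qtype = 1;                       /* default query type: A */
    *host = NULL;
    if (i < argc && strcmp(argv[i], "-t") == 0) {
        if (i + 1 >= argc)            /* "-t" given with no value after it */
            return -1;
        if ((*qtype = parse_qtype(argv[i + 1])) < 0)
            return -1;
        i += 2;                       /* consume the option and its value together */
    }
    if (i >= argc)                    /* options present but no host follows */
        return -1;
    *host = argv[i];
    return 0;
}
```

A caller would print a usage message and exit non-zero whenever parse_args() returns -1, so none of the command lines under How-To-Repeat reach the lookup code with a bad type or a missing host.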