Date: 2 Mar 1999 13:32:32 +1100
From: john@nlc.net.au
To: FreeBSD-gnats-submit@freebsd.org
Subject: bin/10344: Core dump in gethostbyaddr for 199.93.70.2
Message-ID: <19990302023232.64408.qmail@grunt.nlc.net.au>
>Number: 10344
>Category: bin
>Synopsis: Core dump in gethostbyaddr for 199.93.70.2
>Confidential: no
>Severity: critical
>Priority: high
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Mon Mar 1 18:40:00 PST 1999
>Closed-Date:
>Last-Modified:
>Originator: John Saunders
>Release: FreeBSD 3.1-STABLE i386
>Organization:
Northlink Communications
>Environment:
3.1-STABLE cvsupped on Feb 23rd 1999.
>Description:
The IP address 199.93.70.2 has many PTR records associated
with it. It appears that doing a gethostbyaddr overflows
some buffer which causes a signal 10 core dump.
The problem was originally discovered with the dnsserver
process on squid core dumping. The Backtrace is...
#0 0x280cc964 in __ns_name_unpack ()
#1 0x280ccb75 in __ns_name_uncompress ()
#2 0x280cc246 in __dn_expand ()
#3 0x280c1074 in _gethostbyhtaddr ()
#4 0x280c19c2 in _gethostbydnsaddr ()
#5 0x280c04a6 in gethostbyaddr ()
#6 0x8048881 in lookup (buf=0xefbfda4c "199.93.70.2") at dnsserver.c:198
#7 0x8048b2e in main (argc=1, argv=0xefbfdc78) at dnsserver.c:341
#8 0x8048755 in _start ()
Compiling ns_name.c with -g and linking to dnsserver gives a bit
more information.
#0 __ns_name_unpack (msg=0xefbfd5b8 "[q\203\200",
eom=0xefc0354d <Address 0xefc0354d out of bounds>,
src=0xefbfd9ae "\003www\bntyamXY?o&\024\f(\004Z?o\004",
dst=0xefbfcbf0 "\003www\bntyamXY?in-addr\004arpa", dstsiz=255)
at ns_name.c:307
#1 0x80492e4 in __ns_name_uncompress (msg=0xefbfd5b8 "[q\203\200",
eom=0xefc0354d <Address 0xefc0354d out of bounds>,
src=0xefbfd9ae "\003www\bntyamXY?o&\024\f(\004Z?o\004",
dst=0x280f3e41 "2.70.93.199.in-addr.arpa", dstsiz=7567) at ns_name.c:430
>How-To-Repeat:
The problem is in the resolver library so it can be repeated
with any process that does a reverse lookup. Try the following:
nslookup -type=ptr 199.93.70.2
Strangely if you don't specify -type=ptr then only the first PTR
record is returned and everything works. It appears that if you
want to list _all_ PTR records it comes to grief.
>Fix:
Unknown. Although I suspect it's an access through the srcp pointer
in the while loop.
>Release-Note:
>Audit-Trail:
>Unformatted:
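
In the gdb frames above, eom is flagged as out of bounds at the point where __ns_name_unpack faulted. The C code below is an added illustration, not FreeBSD's ns_name.c and not the fix for this PR: it expands a compressed DNS name while checking every read against the bytes actually held in the buffer. The names clamp_len, safe_name_unpack, SAMPLE and demo_out are hypothetical, and the sample message is constructed.

```c
/* Added example, not FreeBSD's ns_name.c. All names here are hypothetical. */
#include <stdio.h>
#include <string.h>

/* Constructed message: "www" + pointer to offset 6, then "example.org". */
static const unsigned char SAMPLE[] = "\003www\300\006\007example\003org";
static char demo_out[64];

/* Never trust a claimed reply length beyond what the buffer really holds. */
static size_t clamp_len(long claimed, size_t bufsize) {
    if (claimed < 0) return 0;
    return (size_t)claimed > bufsize ? bufsize : (size_t)claimed;
}

/* Expand the name at msg[off] into dotted text in dst.
 * Returns the text length, or -1 on malformed or out-of-range input. */
static int safe_name_unpack(const unsigned char *msg, size_t msglen,
                            size_t off, char *dst, size_t dstsiz) {
    size_t out = 0, jumps = 0;
    for (;;) {
        if (off >= msglen) return -1;          /* read would pass eom */
        unsigned n = msg[off++];
        if (n == 0) break;                     /* root label: name complete */
        if ((n & 0xC0) == 0xC0) {              /* compression pointer */
            if (off >= msglen) return -1;      /* second pointer byte missing */
            off = ((size_t)(n & 0x3F) << 8) | msg[off];
            if (++jumps > msglen) return -1;   /* pointer loop */
            continue;                          /* target is checked at loop top */
        }
        if (n > 63) return -1;                 /* reserved label type */
        if (n > msglen - off) return -1;       /* label runs past eom */
        if (out + n + 2 > dstsiz) return -1;   /* label, '.', NUL must fit */
        if (out) dst[out++] = '.';
        memcpy(dst + out, msg + off, n);
        out += n;
        off += n;
    }
    if (out >= dstsiz) return -1;              /* no room for the NUL */
    dst[out] = '\0';
    return (int)out;
}

int main(void) {
    /* 7000 is a constructed, oversized length claim for a 19-byte buffer. */
    size_t len = clamp_len(7000, sizeof SAMPLE);
    int n = safe_name_unpack(SAMPLE, len, 0, demo_out, sizeof demo_out);
    printf("%d %s\n", n, n < 0 ? "(rejected)" : demo_out);
    return 0;
}
```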
