From owner-freebsd-bugs Mon Mar 1 18:40:17 1999
Delivered-To: freebsd-bugs@freebsd.org
Received: from freefall.freebsd.org (freefall.FreeBSD.ORG [204.216.27.21])
	by hub.freebsd.org (Postfix) with ESMTP id 3187414C49
	for ; Mon, 1 Mar 1999 18:40:16 -0800 (PST)
	(envelope-from gnats@FreeBSD.org)
Received: (from gnats@localhost)
	by freefall.freebsd.org (8.9.2/8.9.2) id SAA20509;
	Mon, 1 Mar 1999 18:40:00 -0800 (PST)
	(envelope-from gnats@FreeBSD.org)
Received: from nhj.nlc.net.au (nhj.nlc.net.au [203.24.133.1])
	by hub.freebsd.org (Postfix) with SMTP id 02319153AB
	for ; Mon, 1 Mar 1999 18:33:00 -0800 (PST)
	(envelope-from john@nlc.net.au)
Received: (qmail 7571 invoked from network); 2 Mar 1999 13:32:36 +1100
Received: from grunt.nlc.net.au (203.24.133.5)
	by nhj.nlc.net.au with SMTP; 2 Mar 1999 13:32:36 +1100
Received: (qmail 64409 invoked by uid 1000); 2 Mar 1999 13:32:32 +1100
Message-Id: <19990302023232.64408.qmail@grunt.nlc.net.au>
Date: 2 Mar 1999 13:32:32 +1100
From: john@nlc.net.au
Reply-To: john@nlc.net.au
To: FreeBSD-gnats-submit@freebsd.org
X-Send-Pr-Version: 3.2
Subject: bin/10344: Core dump in gethostbyaddr for 199.93.70.2
Sender: owner-freebsd-bugs@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

>Number:         10344
>Category:       bin
>Synopsis:       Core dump in gethostbyaddr for 199.93.70.2
>Confidential:   no
>Severity:       critical
>Priority:       high
>Responsible:    freebsd-bugs
>State:          open
>Quarter:
>Keywords:
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Mon Mar 1 18:40:00 PST 1999
>Closed-Date:
>Last-Modified:
>Originator:     John Saunders
>Release:        FreeBSD 3.1-STABLE i386
>Organization:
Northlink Communications
>Environment:

	3.1-STABLE cvsupped on Feb 23rd 1999.

>Description:

	The IP address 199.93.70.2 has many PTR records associated with
	it. It appears that doing a gethostbyaddr overflows some buffer
	which causes a signal 10 core dump. The problem was originally
	discovered with the dnsserver process on squid core dumping.
	The Backtrace is...

#0  0x280cc964 in __ns_name_unpack ()
#1  0x280ccb75 in __ns_name_uncompress ()
#2  0x280cc246 in __dn_expand ()
#3  0x280c1074 in _gethostbyhtaddr ()
#4  0x280c19c2 in _gethostbydnsaddr ()
#5  0x280c04a6 in gethostbyaddr ()
#6  0x8048881 in lookup (buf=0xefbfda4c "199.93.70.2") at dnsserver.c:198
#7  0x8048b2e in main (argc=1, argv=0xefbfdc78) at dnsserver.c:341
#8  0x8048755 in _start ()

	Compiling ns_name.c with -g and linking to dnsserver gives a
	bit more information.

#0  __ns_name_unpack (msg=0xefbfd5b8 "[q\203\200", eom=0xefc0354d,
    src=0xefbfd9ae "\003www\bntyamXY?o&\024\f(\004Z?o\004",
    dst=0xefbfcbf0 "\003www\bntyamXY?in-addr\004arpa", dstsiz=255)
    at ns_name.c:307
#1  0x80492e4 in __ns_name_uncompress (msg=0xefbfd5b8 "[q\203\200",
    eom=0xefc0354d,
    src=0xefbfd9ae "\003www\bntyamXY?o&\024\f(\004Z?o\004",
    dst=0x280f3e41 "2.70.93.199.in-addr.arpa", dstsiz=7567)
    at ns_name.c:430

>How-To-Repeat:

	The problem is in the resolver library so it can be repeated
	with any process that does a reverse lookup. Try the following:

	nslookup -type=ptr 199.93.70.2

	Strangely if you don't specify -type=ptr then only the first
	PTR record is returned and everything works. It appears that
	if you want to list _all_ PTR records it comes to grief.

>Fix:

	Unknown. Although I suspect it's an access through the srcp
	pointer in the while loop.

>Release-Note:
>Audit-Trail:
>Unformatted:

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-bugs" in the body of the message
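
Added example, not part of the original report and not FreeBSD's resolver source: a bounds-checked expansion of a compressed DNS name, in which every read through the source pointer is tested against eom and eom itself is clamped to the buffer the caller owns. In the backtrace above eom lies 24469 bytes past msg and src is 1014 bytes into it; the sketch assumes (the report does not say so) that the reply length handed back to the caller can exceed the answer buffer. The names safe_eom and name_unpack and the sample message are hypothetical and constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper: eom never points past the buffer we own, even when the
 * reply length the resolver reports (reply_len) is larger than that buffer. */
static const unsigned char *safe_eom(const unsigned char *buf, size_t bufsiz, long reply_len)
{
    if (reply_len < 0) return buf;
    return buf + ((size_t)reply_len < bufsiz ? (size_t)reply_len : bufsiz);
}

/* Expand the name at src into dotted text. Returns bytes consumed at src, or -1. */
static int name_unpack(const unsigned char *msg, const unsigned char *eom,
                       const unsigned char *src, char *dst, size_t dstsiz)
{
    const unsigned char *p = src;
    size_t out = 0, hops = 0, msglen = (size_t)(eom - msg);
    int consumed = -1;
    if (src < msg || src >= eom || dstsiz == 0) return -1;
    for (;;) {
        if (p >= eom) return -1;                 /* bounds check before every read */
        unsigned n = *p++;
        if (n == 0) break;                       /* root label ends the name */
        if ((n & 0xC0) == 0xC0) {                /* compression pointer */
            if (p >= eom) return -1;
            size_t off = ((size_t)(n & 0x3F) << 8) | *p++;
            if (consumed < 0) consumed = (int)(p - src);
            if (off >= msglen || ++hops > msglen) return -1;  /* wild or looping */
            p = msg + off;
            continue;
        }
        if ((n & 0xC0) || (size_t)(eom - p) < n) return -1;   /* bad type / past eom */
        if (out + n + 2 > dstsiz) return -1;     /* room for '.', label and NUL */
        if (out) dst[out++] = '.';
        memcpy(dst + out, p, n);
        out += n;
        p += n;
    }
    dst[out] = '\0';
    return consumed < 0 ? (int)(p - src) : consumed;
}

int main(void)
{
    /* Constructed sample: "www.example.com", then "ftp" + pointer to offset 4. */
    static const unsigned char msg[] = "\003www\007example\003com\000\003ftp\300\004";
    char name[256];
    int n = name_unpack(msg, safe_eom(msg, sizeof msg - 1, 24469), msg + 17, name, sizeof name);
    printf("%d %s\n", n, n < 0 ? "(rejected)" : name);
    return 0;
}
```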