Skip site navigation (1)Skip section navigation (2) 
Date:      Thu, 4 Oct 2001 12:19:33 -0400
From:      Mike Barcroft <mike@FreeBSD.ORG>
To:        Peter Pentchev <roam@ringlet.net>
Cc:        freebsd-net@FreeBSD.ORG, freebsd-audit@FreeBSD.ORG
Subject:   Re: [CFR] whois(1) out-of-bound access patch
Message-ID:  <20011004121933.B31795@coffee.q9media.com>
In-Reply-To: <20011004121640.C1959@ringworld.oblivion.bg>; from roam@ringlet.net on Thu, Oct 04, 2001 at 12:16:40PM %2B0300
References:  <20011004121640.C1959@ringworld.oblivion.bg>
next in thread | previous in thread | raw e-mail | index | archive | help 

[-- Attachment #1 --]
Peter Pentchev <roam@ringlet.net> writes:
> As described in PR bin/30968, whois(1) may access invalid data when
> the whois server returns a non-newline-terminated string.
> While it is true that the whois server maintainers should do a better
> job of following standards and such, still the 'be liberal in what
> you accept' mindset might be applied in this case, to fix what is
> ultimately a subtle fgetln(3) use bug :)
> 
> Any harm in committing the attached patch?  And this - or something
> like this - should be done soon; all FreeBSD whois clients currently
> display weird behavior when querying .biz domains :\

Evil!  :)  You may want to notify the server administrator, as I tried
using a variety of different whois clients and most of them have
problems with it.

[Over-engineered patch removed.]

Would you please test the attached patch and confirm that it solves
the problem?  If it does, I'll commit it today.

Best regards,
Mike Barcroft

[-- Attachment #2 --]
whois.20011004.diff

A whois server may return a final line without a new line character.

PR:	30968

Index: whois.c
===================================================================
RCS file: /cvs/src/usr.bin/whois/whois.c,v
retrieving revision 1.24
diff -u -r1.24 whois.c
--- whois.c	5 Aug 2001 19:37:12 -0000	1.24
+++ whois.c	4 Oct 2001 15:57:56 -0000
@@ -303,7 +303,7 @@
 			    strchr(name, '.') == NULL)
 				nomatch = 1;
 		}
-		printf("%s\n", buf);
+		printf("%.*s\n", (int)len, buf);
 	}
 
 	/* Do second lookup as needed. */

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20011004121933.B31795>