Skip site navigation (1)Skip section navigation (2)
Date:      Mon, 29 Jul 2002 13:24:25 -0400 (EDT)
From:      "Michael C. Adler" <mad1@tapil.com>
To:        FreeBSD-gnats-submit@FreeBSD.org
Subject:   ports/41128: recv_addr init wrong and 512 byte udp packets dropped
Message-ID:  <200207291724.g6THOPoL009142@grumpy.tapil.com>

next in thread | raw e-mail | index | archive | help

>Number:         41128
>Category:       ports
>Synopsis:       recv_addr init wrong and 512 byte udp packets dropped
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-ports
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Mon Jul 29 10:30:01 PDT 2002
>Closed-Date:
>Last-Modified:
>Originator:     Michael C. Adler
>Release:        FreeBSD 4.6-RELEASE i386
>Organization:
>Environment:
System: FreeBSD grumpy.tapil.com 4.6-RELEASE FreeBSD 4.6-RELEASE #2: Tue Jul 16 08:18:31 EDT 2002 madler@grumpy.tapil.com:/usr/obj/usr/src/sys/GRUMPY i386


	
>Description:
There are a few bugs in dnrd that should probably be fixed by the author
but could be made to work on bsd:

1.  Initialization in common.h of recv_addr is broken, causing at least the
'-a' switch not to work.  Instead of assuming positions of fields in the
struct across platforms I thought it safer to do a standard initialization
in main().

2.  The buffer overflow code in udp.c:dnsrecv() is off by one, rejecting
messages where the size exactly fills the available buffer.  I also changed
to the calls to dnsrecv to pass 512 as the max size instead of the buffers
that seem to be padded by 4 bytes for a reason I don't understand.  This
causes a calling named to resend packets.  Eventually one seems to get
through but response times can be painfully slow.


>How-To-Repeat:
	
>Fix:

*** main.c.~1~	Sun Jul 28 23:01:46 2002
--- main.c	Sun Jul 28 23:04:15 2002
***************
*** 82,87 ****
--- 82,91 ----
      /*
       * Parse the command line.
       */
+     memset(&recv_addr, 0, sizeof(recv_addr));
+     recv_addr.sin_family = AF_INET;
+     recv_addr.sin_port = htons(53);
+ 
      parse_args(argc, argv);
  
      openlog(progname, LOG_PID, LOG_DAEMON);
*** udp.c.~1~	Fri Oct 29 22:19:33 1999
--- udp.c	Mon Jul 29 12:58:59 2002
***************
*** 74,80 ****
  
      /* Read in the message */
      addr_len = sizeof(struct sockaddr_in);
!     len = recvfrom(isock, msg, sizeof(msg), 0,
  		   (struct sockaddr *)&from_addr, &addr_len);
      if (len < 0) {
  	log_debug("recvfrom error %s", strerror(errno));
--- 74,80 ----
  
      /* Read in the message */
      addr_len = sizeof(struct sockaddr_in);
!     len = recvfrom(isock, msg, maxsize, 0,
  		   (struct sockaddr *)&from_addr, &addr_len);
      if (len < 0) {
  	log_debug("recvfrom error %s", strerror(errno));
***************
*** 172,178 ****
  		inet_ntoa(dns_srv[k].addr.sin_addr));
  	return (-1);
      }
!     else if (rc == len) {
  	log_msg(LOG_NOTICE, "packet too large: %s",
  		inet_ntoa(dns_srv[k].addr.sin_addr));
  	return (0);
--- 172,178 ----
  		inet_ntoa(dns_srv[k].addr.sin_addr));
  	return (-1);
      }
!     else if (rc > len) {
  	log_msg(LOG_NOTICE, "packet too large: %s",
  		inet_ntoa(dns_srv[k].addr.sin_addr));
  	return (0);
***************
*** 202,208 ****
      struct sockaddr_in from_addr;
      unsigned           addr_len;
  
!     len = dnsrecv(srvidx, msg, sizeof(msg));
      if (opt_debug) {
  	char buf[80];
  	sprintf_cname(&msg[12], buf, 80);
--- 202,208 ----
      struct sockaddr_in from_addr;
      unsigned           addr_len;
  
!     len = dnsrecv(srvidx, msg, maxsize);
      if (opt_debug) {
  	char buf[80];
  	sprintf_cname(&msg[12], buf, 80);
>Release-Note:
>Audit-Trail:
>Unformatted:

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-ports" in the body of the message




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200207291724.g6THOPoL009142>