Date: Mon, 27 Nov 2000 14:09:34 -0800 From: Kris Kennaway <kris@FreeBSD.org> To: "Rodney W. Grimes" <freebsd@gndrsh.dnsmgr.net> Cc: cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org Subject: Re: cvs commit: src/usr.sbin/cron/cron cron.h Message-ID: <20001127140934.A66576@citusc17.usc.edu> In-Reply-To: <200011272106.NAA37476@gndrsh.dnsmgr.net>; from freebsd@gndrsh.dnsmgr.net on Mon, Nov 27, 2000 at 01:06:13PM -0800 References: <20001127124505.A65167@citusc17.usc.edu> <200011272106.NAA37476@gndrsh.dnsmgr.net>
next in thread | previous in thread | raw e-mail | index | archive | help
[-- Attachment #1 --] On Mon, Nov 27, 2000 at 01:06:13PM -0800, Rodney W. Grimes wrote: > > On Mon, Nov 27, 2000 at 12:18:10PM -0800, Rodney W. Grimes wrote: > > > > kris 2000/11/26 14:21:40 PST > > > > > > > > Modified files: > > > > usr.sbin/cron/cron cron.h > > > > Log: > > > > Correct definition of MAXHOSTNAMELEN in ifdef'ed out code > > > > > > I actaully was ignoring these until it hit me, your actually probably > > > breaking the purpose of these. Old systems that didn't have MAXHOSTNAMELEN > > > defined in system headers had a 64 byte length for this. I suspect if one > > > takes this code after your ``Correction'' and compiles it on one of these > > > systems a buffer overflow condition could easily be triggered. > > > > I'm making the buffers larger, not smaller. > > Which is fine for old code returing values to new code, but new code > passing values to old code is passing values longer than the old codes > buffer. And that old code is probably riddled with strcpy's and such. There are no 64-byte buffers! > > If ths code were to be compiled on a system which has the definition > > of MAXHOSTNAMELEN in a nonstandard place (so it isn't #included by the > > code) but it has a DNS resolver which is RFC-compliant and capable of > > returning hostnames up to 255 octets long, then there would be a > > buffer overflow when it tries to store the result in a 64-byte buffer. > > And conversely if it has an old non-compliant resolver passing it a > 255 byte hostname is going to overflow the 64-byte buffer. Passing from where? Where does it obtain the long hostname from, if not the resolver? I don't think you've thought this through properly. Kris [-- Attachment #2 --] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.4 (FreeBSD) Comment: For info see http://www.gnupg.org iEYEARECAAYFAjoi254ACgkQWry0BWjoQKUsKwCgsgwyFmWdxcPU7KJU9M+duoNi yvEAoL7V3d+zu94pVPT5r5NpWBufyE9G =XLgO -----END PGP SIGNATURE-----
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20001127140934.A66576>