Date: Tue, 2 Oct 2001 04:20:02 -0700 (PDT)
From: Peter Pentchev <roam@ringlet.net>
To: freebsd-bugs@FreeBSD.org
Subject: Re: bin/30968: whois client bug w/ .biz
Message-ID: <200110021120.f92BK2L92453@freefall.freebsd.org>
The following reply was made to PR bin/30968; it has been noted by GNATS. 
From: Peter Pentchev <roam@ringlet.net>
To: Sean Kelly <smkelly@zombie.org>
Cc: FreeBSD-gnats-submit@freebsd.org, douglas@min.net
Subject: Re: bin/30968: whois client bug w/ .biz
Date: Tue, 2 Oct 2001 14:06:32 +0300

On Mon, Oct 01, 2001 at 03:25:31PM -0500, Sean Kelly wrote:
>
> >Number: 30968
> >Category: bin
> >Synopsis: whois client bug w/ .biz
> >Responsible: freebsd-bugs
> >State: open
> >Originator: Sean Kelly
> >Release: FreeBSD 4.4-STABLE i386
> >Organization:
> >Environment:
> System: FreeBSD edgemaster.zombie.org 4.4-STABLE FreeBSD 4.4-STABLE #1: Sat Sep 29 22:12:48 CDT 2001 root@edgemaster.zombie.org:/usr/obj/usr/src/sys/EDGEMASTER i386
> Multiple machines, /usr/src/usr.bin/whois/whois.c version 1.15.2.4
> >Description:
> The whois client mangles output when doing specific searches and
> presented with specific results, specifically with results lacking
> a final CR.
> >How-To-Repeat:
> First, do 'whois haha.biz'. Notice the odd output?
> Now, do 'whois haha.biz|cat'. Notice the different output?

These are both due to the fact that, as you noticed, the final CR is missing.

The whois(1) code assumes incorrectly that fgetln(3) will always return an isspace(3)-terminated string. This is not the case, as noted in a prominent warning on the fgetln(3) manual page. As a result, an out-of-bound string access is made. For some reason, when the output is sent to a terminal, that out-of-bound access reads the previously read contents of /etc/services (whois(1) needs that to determine which port the whois/tcp service is on).

Can you try the attached patch?

G'luck,
Peter

--
This sentence no verb.

Index: src/usr.bin/whois/whois.c =================================================================== RCS file: /home/ncvs/src/usr.bin/whois/whois.c,v retrieving revision 1.15.2.4 diff -u -r1.15.2.4 whois.c --- src/usr.bin/whois/whois.c 2001/08/02 02:21:24 1.15.2.4 +++ src/usr.bin/whois/whois.c 2001/10/02 16:15:22
@@ -51,6 +51,7 @@ #include <arpa/inet.h> #include <ctype.h> #include <err.h> +#include <errno.h> #include <netdb.h> #include <stdarg.h> #include <stdio.h> @@ -267,6 +268,17 @@ nhost = NULL; nomatch = 0; while ((buf = fgetln(sfi, &len)) != NULL) { + if ((len == 0) || !isspace(buf[len - 1])) { + char *newbuf; + + newbuf = realloc(buf, len + 1); + if (newbuf == NULL) { + errno = ENOMEM; + err(1, "reallocating"); + } + newbuf[len] = '\0'; + buf = newbuf; + } while (len && isspace(buf[len - 1])) buf[--len] = '\0'; To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-bugs" in the body of the message
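Review bot: the `#include <errno.h>` added in the first hunk exists only to support the `errno = ENOMEM;` assignment in the second hunk, and that assignment is redundant because POSIX specifies that realloc() sets errno to ENOMEM when it fails. Dropping the assignment (or reporting the failure with errx(3), which does not consult errno) makes the new include unnecessary.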
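Review bot: in the second hunk, `newbuf = realloc(buf, len + 1);` hands realloc() a pointer that was returned by fgetln(3). That pointer refers to the stream's own stdio buffer, not to memory obtained from malloc(), so the call has undefined behaviour. Suggest allocating a separate buffer of len + 1 bytes with malloc(), copying the len bytes into it with memcpy(), writing the terminator there and freeing it once the line has been processed; as written, newbuf is also never freed. Separately, `isspace(buf[len - 1])` should cast its argument to unsigned char so that bytes with the high bit set are handled correctly.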
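Added example, not part of the original message or of whois.c: one bounds-safe way to turn the (pointer, length) pair that fgetln(3) returns into a NUL-terminated, whitespace-trimmed string. The function name line_dup_trimmed and the sample buffer are constructed for illustration; the sample mimics an unterminated last line that is immediately followed in memory by unrelated data, the situation described above.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/*
 * Copy a line given as (buf, len), the form fgetln(3) returns, into a newly
 * allocated NUL-terminated string with trailing whitespace removed.
 * Only buf[0 .. len-1] is read, so a missing final newline is harmless.
 * Returns NULL if allocation fails; the caller frees the result.
 */
char *
line_dup_trimmed(const char *buf, size_t len)
{
	char *copy;

	/* Trim within bounds; the cast keeps isspace() defined for bytes >= 0x80. */
	while (len > 0 && isspace((unsigned char)buf[len - 1]))
		len--;

	copy = malloc(len + 1);
	if (copy == NULL)
		return (NULL);
	memcpy(copy, buf, len);
	copy[len] = '\0';
	return (copy);
}

/* Constructed sample: a last line with no newline, followed by other data. */
#define LAST_LINE "Domain Name: EXAMPLE.BIZ"
static const char sample_stream[] = LAST_LINE "whois\t\t43/tcp\n";

int
main(void)
{
	char *line = line_dup_trimmed(sample_stream, sizeof(LAST_LINE) - 1);

	if (line == NULL)
		return (1);
	printf("%s\n", line);	/* the adjacent bytes are not printed */
	free(line);
	return (0);
}
```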