Date: Wed, 3 Oct 2001 17:29:31 +0930 (CST)
From: newton@internode.com.au
To: FreeBSD-gnats-submit@freebsd.org, brawley@internode.com.au, justin@internode.com.au
Subject: bin/31002: whois gives contents of /etc/services for bad .biz lookups
Message-ID: <200110030759.f937xVE22564@gizmo.internode.com.au>

>Number:         31002
>Category:       bin
>Synopsis:       whois dumps contents of /etc/services when looking up non-existent .biz names
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          open
>Quarter:
>Keywords:
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Wed Oct 03 01:10:01 PDT 2001
>Closed-Date:
>Last-Modified:
>Originator:     Mark Newton
>Release:        FreeBSD 4.4-RELEASE
>Organization:
Internode Systems
>Environment:

FreeBSD 4.4-RELEASE

>Description:

Null-termination doesn't appear to be working correctly in whois.c:269
in a call to fgetln(). The returned buffer ends up containing the error
message which tells you that whatever you're looking for doesn't exist,
followed by most of the contents of /etc/services.

The basic problem appears to be that the .biz whois server is returning
non-standard information (or, at least, information in a non-standard
format), which is defeating the efforts of whois.c line 270 and 271 to
null-terminate the buffer returned by fgetln().

>How-To-Repeat:

% whois bad-domain.biz

>Fix:

In an ideal world, the .biz people would emit error messages in the
same format as everyone else. Because the world is less than ideal,
however, life kinda sucks a bit.

There are several potential fixes. Unconditionally null-terminating the
buffer returned by fgetln() is one:

	buf[len - 1] = '\0'

should probably happen between line 269 and line 270, so that we have a
null-terminated buffer whether the parsing efforts at line 270 and 271
work properly or not.

There are other equally defensive possibilities.

>Release-Note:
>Audit-Trail:
>Unformatted:
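
The following C helper is an added example, not code from whois.c or from the report above. It shows one defensive way to consume a line returned by fgetln(), which yields a pointer and a length rather than a NUL-terminated string, including the case where the last line has no newline. The name line_to_cstr and the sample reply text are hypothetical and constructed for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/*
 * Copy a (pointer, length) line, as returned by fgetln(), into a freshly
 * allocated NUL-terminated string. Trailing CR/LF bytes are dropped.
 * Returns NULL on allocation failure; the caller frees the result.
 * line_to_cstr is a hypothetical helper name, not a function from whois.c.
 */
char *
line_to_cstr(const char *buf, size_t len)
{
	char *s;

	/* Strip line terminators only if present; a final line may have none. */
	while (len > 0 && (buf[len - 1] == '\n' || buf[len - 1] == '\r'))
		len--;
	if ((s = malloc(len + 1)) == NULL)
		return (NULL);
	memcpy(s, buf, len);	/* never read past the reported length */
	s[len] = '\0';		/* terminate unconditionally */
	return (s);
}

int
main(void)
{
	/*
	 * Constructed sample: one stdio-style buffer holding a server reply
	 * followed by unrelated bytes, with no NUL between the two.
	 */
	static const char stdio_buf[] =
	    "Not found: bad-domain.biz\r\n"
	    "# unrelated bytes left in the buffer\n";
	size_t len = strlen("Not found: bad-domain.biz\r\n");
	char *line = line_to_cstr(stdio_buf, len);

	if (line == NULL)
		return (1);
	printf("[%s]\n", line);	/* only the reply, none of the leftover bytes */
	free(line);
	return (0);
}
```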