Message-Id: <200110030759.f937xVE22564@gizmo.internode.com.au>
Date: Wed, 3 Oct 2001 17:29:31 +0930 (CST)
From: newton@internode.com.au
Reply-To: newton@internode.com.au
To: FreeBSD-gnats-submit@freebsd.org, brawley@internode.com.au, justin@internode.com.au
Subject: bin/31002: whois gives contents of /etc/services for bad .biz lookups

>Number: 31002
>Category: bin
>Synopsis: whois dumps contents of /etc/services when looking up non-existent .biz names
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Wed Oct 03 01:10:01 PDT 2001
>Closed-Date:
>Last-Modified:
>Originator: Mark Newton
>Release: FreeBSD 4.4-RELEASE
>Organization: Internode Systems
>Environment: FreeBSD 4.4-RELEASE
>Description:

Null-termination doesn't appear to be working correctly in whois.c:269 in a call to fgetln().

The returned buffer ends up containing the error message which tells you that whatever you're looking for doesn't exist, followed by most of the contents of /etc/services.

The basic problem appears to be that the .biz whois server is returning non-standard information (or, at least, information in a non-standard format), which is defeating the efforts of whois.c lines 270 and 271 to null-terminate the buffer returned by fgetln().

>How-To-Repeat:

    % whois bad-domain.biz

>Fix:

In an ideal world, the .biz people would emit error messages in the same format as everyone else. Because the world is less than ideal, however, life kinda sucks a bit.

There are several potential fixes. Unconditionally null-terminating the buffer returned by fgetln() is one:

    buf[len - 1] = '\0'

should probably happen between line 269 and line 270, so that we have a null-terminated buffer whether the parsing efforts at lines 270 and 271 work properly or not.

There are other equally defensive possibilities.

>Release-Note:
>Audit-Trail:
>Unformatted:
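An added example, not part of the problem report and not FreeBSD's whois.c: fgetln(3) returns a pointer and a length, includes the newline only if the line had one, and does not NUL-terminate, so this sketch copies exactly len bytes before treating the line as a C string. next_line() is a hypothetical stand-in for fgetln() so the block runs anywhere, and the sample reply (a final line with no newline, followed by unrelated bytes in the same buffer) is constructed; the actual .biz reply format is not shown in the report.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

static const char sample[] =
    "Not found: bad-domain.biz"    /* constructed reply: 25 bytes, no '\n' */
    "ftp\t21/tcp\nssh\t22/tcp\n";  /* unrelated data later in the buffer */
#define REPLY_LEN 25

/* Hypothetical stand-in for fgetln(): returns a pointer into the buffer and
 * the line length (newline included if present). NOT NUL-terminated. */
static const char *next_line(const char **cur, const char *end, size_t *len)
{
    const char *start = *cur, *nl;

    if (start >= end)
        return NULL;
    nl = memchr(start, '\n', (size_t)(end - start));
    *len = nl ? (size_t)(nl - start) + 1 : (size_t)(end - start);
    *cur = start + *len;
    return start;
}

/* Copy exactly len bytes, drop a trailing "\n" or "\r\n" if there is one,
 * and always NUL-terminate. The caller frees the result. */
static char *line_to_cstr(const char *buf, size_t len)
{
    char *s;

    while (len > 0 && (buf[len - 1] == '\n' || buf[len - 1] == '\r'))
        len--;
    if ((s = malloc(len + 1)) == NULL)
        return NULL;
    memcpy(s, buf, len);
    s[len] = '\0';
    return s;
}

int main(void)
{
    const char *cur = sample, *p;
    size_t len;
    char *s;
    p = next_line(&cur, sample + REPLY_LEN, &len);
    if (p == NULL || (s = line_to_cstr(p, len)) == NULL)
        return 1;
    printf("bounded copy: \"%s\" (%zu bytes)\n", s, strlen(s));
    printf("same pointer read as a C string: %zu bytes\n", strlen(p));
    free(s);
    return 0;
}
```

Because the copy checks for the newline before removing it, a final line that arrives without one keeps its last character.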