From owner-freebsd-bugs Sun Mar 1 16:53:14 1998
Message-ID: <34FA0330.7A5F06AF@hiwaay.net>
Date: Sun, 01 Mar 1998 18:54:08 -0600
From: Steve Price
To: Justin Kalina
CC: bugs@FreeBSD.ORG
Subject: Re: core dump "host -l"

Justin Kalina wrote:
>
> host seems to seg. fault and dump core using different variations of the
> code.
>
> bash$ host -l NS luptid.ad-v.com
> Using domain server:
> Name: luptid.ad-v.com
> Address: 209.51.160.70
> Aliases:
>
> Server failed: Premature end of data
> Segmentation fault (core dumped)

It seems the server's response is of a length that is too large and the
stack is getting corrupted. Attached is a patch that circumvents the
problem but should by no means be considered the correct fix.

Steve

> Justin
>
> ---------------------------------------------------------------------------
> Justin Kalina                                    justin@ad-v.com
> Adamantine Ventures, Inc.                        Vice President
> http://www.ad-v.com                              973-989-8213
> ----------------------------------------------------------------------------

Index: host.c =================================================================== RCS file: /u/FreeBSD/cvs/src/contrib/bind/tools/host.c,v retrieving revision 1.1.1.2 diff -u -r1.1.1.2 host.c --- host.c 1996/12/31 19:51:05 1.1.1.2 +++ host.c 1998/03/01 23:24:42 @@ -1345,6 +1345,11 @@ * Read the response. */ + if (len > sizeof(buf)) { + printf("Server returned invalid length: %d\n", len); + return (SUCCESS); + } + amtToRead = len; cp = (u_char *) &buf; while(amtToRead > 0 && (numRead = read(sockFD, cp, amtToRead)) > 0){
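
Review bot: the new branch returns SUCCESS when the server-supplied len exceeds sizeof(buf), so the caller cannot tell a rejected response from a completed listing; return the function's error status here instead. The bound is in the right place, ahead of "amtToRead = len" and the read() loop that fills buf, but sockFD is still open on this early return, so close it before returning if this function is the one responsible for it. Since len is printed with %d it is presumably signed, and the comparison against sizeof(buf) rejects negative values only through the implicit conversion to an unsigned type; an explicit "len <= 0" test would make that intent visible. The diagnostic would also fit better on stderr than stdout, so it does not mix into the listing output.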