[7885] in bugtraq
Re: nslookup issues
daemon@ATHENA.MIT.EDU (Wichert Akkerman)
Fri Sep 4 22:47:38 1998
Date: Sat, 5 Sep 1998 03:20:33 +0200
Reply-To: Wichert Akkerman <wichert@WIGGY.ML.ORG>
From: Wichert Akkerman <wichert@WIGGY.ML.ORG>
X-To: Theo de Raadt <deraadt@CVS.OPENBSD.ORG>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: <199808311851.MAA15350@cvs.openbsd.org>; from Theo de Raadt on
Mon, Aug 31, 1998 at 12:51:35PM -0600
--YiEDa0DAkWCtVeE4
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: quoted-printable
Previously Theo de Raadt wrote:
> Well, here's a first cut at fixing some of the nslookup/dig problems.
> This patch should get people started at repairing their distributions.
> If anyone has any further fixes or notes some other issues in this
> area, please let me know.
This patch doesn't apply to bind 8.1.2. I've revised it a bit and
came up with the patch below.
Wichert.
diff -ru org/bind-8.1.2/bin/dig/dig.c bind-8.1.2/bin/dig/dig.c
--- org/bind-8.1.2/bin/dig/dig.c Thu Mar 19 20:30:18 1998
+++ bind-8.1.2/bin/dig/dig.c Tue Sep 1 17:03:21 1998
@@ -745,9 +745,11 @@
static int
SetOption(const char *string) {
char option[NAME_LEN], type[NAME_LEN], *ptr;
+ char get[80];
int i;
=20
- i =3D sscanf(string, " %s", option);
+ snprintf(get, sizeof(get), " %%%ds", sizeof(option-1));
+ i =3D sscanf(string, get, option);
if (i !=3D 1) {
fprintf(stderr, ";*** Invalid option: %s\n", option);
return (ERROR);
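Review bot: `sizeof(option-1)` in the added snprintf takes the size of the pointer expression `option-1`, not of the array, so the generated width is the size of a pointer (typically 4 or 8) rather than NAME_LEN-1, and longer options are silently truncated. It should read `snprintf(get, sizeof(get), " %%%ds", (int)(sizeof(option) - 1));`. The cast matters as well: `sizeof` yields a `size_t`, which does not match `%d`, and the same mismatch is present in every snprintf this patch adds in list.c, main.c and subr.c. The error path on the following line still prints `option` when sscanf matched nothing, so it may print an uninitialized buffer; printing `string` there would avoid that. SetOption's body continues outside the hunk.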
@@ -779,8 +781,10 @@
_res.options &=3D ~RES_DNSRCH;
} else if (strncmp(option, "do", 2) =3D=3D 0) { /* domain */
ptr =3D strchr(option, '=3D');
- if (ptr !=3D NULL)
- sscanf(++ptr, "%s", _res.defdname);
+ if (ptr !=3D NULL) {
+ snprintf(get, sizeof(get),"%%%ds", sizeof(_res.defdname));
+ sscanf(++ptr, get, _res.defdname);
+ }
} else if (strncmp(option, "ti", 2) =3D=3D 0) { /* timeout */
ptr =3D strchr(option, '=3D');
if (ptr !=3D NULL)
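Review bot: The width passed here is `sizeof(_res.defdname)` without the `- 1`, so sscanf may store that many characters plus the terminating NUL and write one byte past the end of `_res.defdname`. Use `snprintf(get, sizeof(get), "%%%ds", (int)(sizeof(_res.defdname) - 1));`, which matches the bound the nslookup/main.c hunk uses for the same option. The if/else chain this belongs to starts and ends outside the hunk.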
diff -ru org/bind-8.1.2/bin/nslookup/list.c bind-8.1.2/bin/nslookup/list.c
--- org/bind-8.1.2/bin/nslookup/list.c Tue Nov 18 01:32:33 1997
+++ bind-8.1.2/bin/nslookup/list.c Tue Sep 1 17:09:09 1998
@@ -152,13 +152,16 @@
ListHostsByType(char *string, int putToFile) {
char *namePtr, name[NAME_LEN], option[NAME_LEN];
int i, qtype, result;
+ char get[80];
=20
/*
* Parse the command line. It maybe of the form "ls -t domain"
* or "ls -t type domain".
*/
=20
- i =3D sscanf(string, " ls -t %s %s", option, name);
+ snprintf(get, sizeof get, " ls -t %%%ds %%%ds", sizeof option-1,
+ sizeof name-1);
+ i =3D sscanf(string, get, option, name);
if (putToFile && i =3D=3D 2 && name[0] =3D=3D '>')
i--;
if (i =3D=3D 2) {
@@ -183,12 +186,15 @@
ListHosts(char *string, int putToFile) {
char *namePtr, name[NAME_LEN], option[NAME_LEN];
int i, qtype, result;
+ char get[80];
=20
/*
* Parse the command line. It maybe of the form "ls domain",
* "ls -X domain".
*/
- i =3D sscanf(string, " ls %s %s", option, name);
+ snprintf(get, sizeof get, " ls -t %%%ds %%%ds", sizeof option-1,
+ sizeof name-1);
+ i =3D sscanf(string, get, option, name);
if (putToFile && i =3D=3D 2 && name[0] =3D=3D '>')
i--;
if (i =3D=3D 2) {
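Review bot: The format built for ListHosts is `" ls -t %%%ds %%%ds"`, apparently copied from ListHostsByType, whereas the removed line parsed `" ls %s %s"`. With the literal `-t` in the format, the forms the comment documents (`ls domain`, `ls -X domain`) stop matching and sscanf assigns nothing, so `option` and `name` are left unset. The line should be `snprintf(get, sizeof get, " ls %%%ds %%%ds", (int)(sizeof option - 1), (int)(sizeof name - 1));`. ListHosts continues outside the hunk.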
@@ -481,8 +487,10 @@
{
char file[PATH_MAX];
char command[PATH_MAX];
+ char get[80];
=20
- sscanf(string, " view %s", file);
+ snprintf(get, sizeof get, " view %%%ds", sizeof file-1);
+ sscanf(string, get, file);
(void)sprintf(command, "grep \"^ \" %s | sort | %s", file, pager);
system(command);
}
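Review bot: Bounding `file` to PATH_MAX-1 does not protect the `sprintf` into `command` on the next line: `command` is also PATH_MAX bytes and receives the fixed grep/sort text plus `file` plus `pager`, so a long file name still overflows it. Use `snprintf(command, sizeof command, ...)` and skip the `system` call when the result is truncated or when sscanf did not return 1, since otherwise `file` is used uninitialized. Because `file` is interpolated unquoted into a shell command line, shell metacharacters in it are interpreted by the shell; rejecting such names, or running grep through an argv-based exec, closes that. The function's signature is outside the hunk.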
@@ -516,6 +524,7 @@
int lastc;
char name[NAME_LEN];
char file[NAME_LEN];
+ char get[80];
=20
/*
* We need a valid current host info to get an inet address.
@@ -525,7 +534,8 @@
return (ERROR);
}
=20
- if (sscanf(string, " finger %s", name) =3D=3D 1) {
+ snprintf(get, sizeof get, " finger %%%ds", sizeof name-1);
+ if (sscanf(string, get, name) =3D=3D 1) {
if (putToFile && (name[0] =3D=3D '>')) {
name[0] =3D '\0';
}
diff -ru org/bind-8.1.2/bin/nslookup/main.c bind-8.1.2/bin/nslookup/main.c
--- org/bind-8.1.2/bin/nslookup/main.c Fri Apr 25 02:27:18 1997
+++ bind-8.1.2/bin/nslookup/main.c Tue Sep 1 21:15:25 1998
@@ -464,6 +464,7 @@
char newServer[NAME_LEN];
int result;
int i;
+ char get[40];
=20
/*
* Parse the command line. It maybe of the form "server name",
@@ -471,12 +472,15 @@
*/
=20
if (local) {
- i =3D sscanf(string, " lserver %s", newServer);
+ snprintf(get, sizeof get, "lserver %%%ds", sizeof newServer-1);
+ i =3D sscanf(string, get, newServer);
} else {
- i =3D sscanf(string, " server %s", newServer);
+ snprintf(get, sizeof get, "server %%%ds", sizeof newServer-1);
+ i =3D sscanf(string, get, newServer);
}
if (i !=3D 1) {
- i =3D sscanf(string, " %s", newServer);
+ snprintf(get, sizeof get, " %%%ds", sizeof newServer-1);
+ i =3D sscanf(string, get, newServer);
if (i !=3D 1) {
fprintf(stderr,"SetDefaultServer: invalid name: %s\n", string);
return(ERROR);
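Review bot: The two rebuilt formats `"lserver %%%ds"` and `"server %%%ds"` lost the leading space that the removed `" lserver %s"` and `" server %s"` had, so leading whitespace in `string` is no longer skipped before the keyword. If callers can pass a line with leading blanks (not visible here), the first sscanf fails and the fallback `" %s"` then stores the keyword itself as the server name. Restore the space, e.g. `snprintf(get, sizeof get, " lserver %%%ds", (int)(sizeof newServer - 1));`, and likewise for `server`. The function starts and ends outside the hunk.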
@@ -667,6 +671,7 @@
char host[NAME_LEN];
char file[PATH_MAX];
int result;
+ char get[80];
=20
/*
* Invalidate the current host information to prevent Finger=20
@@ -681,7 +686,8 @@
*
*/
=20
- sscanf(string, " %s", host); /* removes white space */
+ snprintf(get, sizeof get, " %%%ds", sizeof host-1);
+ sscanf(string, get, host); /* removes white space */
if (!putToFile) {
filePtr =3D stdout;
} else {
@@ -738,11 +744,13 @@
char host[NAME_LEN];
char server[NAME_LEN];
int result;
+ char get[80];
static HostInfo serverInfo;
=20
curHostValid =3D FALSE;
=20
- sscanf(string, " %s %s", host, server);
+ snprintf(get, sizeof get, " %%%ds %%%ds", sizeof host-1, sizeof server=
-1);
+ sscanf(string, get, host, server);
if (!putToFile) {
filePtr =3D stdout;
} else {
@@ -823,6 +831,7 @@
char type[NAME_LEN];
char *ptr;
int tmp;
+ char get[40];
=20
while (isspace(*option))
++option;
@@ -851,7 +860,8 @@
} else if (strncmp(option, "do", 2) =3D=3D 0) { /* domain */
ptr =3D strchr(option, '=3D');
if (ptr !=3D NULL) {
- sscanf(++ptr, "%s", _res.defdname);
+ snprintf(get, sizeof get, "%%%ds", sizeof _res.defdname-1);
+ sscanf(++ptr, get, _res.defdname);
res_re_init();
}
} else if (strncmp(option, "deb", 1) =3D=3D 0) { /* debug */
@@ -877,13 +887,15 @@
strncmp(option, "ty", 2) =3D=3D 0) { /* type */
ptr =3D strchr(option, '=3D');
if (ptr !=3D NULL) {
- sscanf(++ptr, "%s", type);
+ snprintf(get, sizeof get, "%%%ds", sizeof type-1);
+ sscanf(++ptr, get, type);
queryType =3D StringToType(type, queryType, stderr);
}
} else if (strncmp(option, "cl", 2) =3D=3D 0) { /* query class */
ptr =3D strchr(option, '=3D');
if (ptr !=3D NULL) {
- sscanf(++ptr, "%s", type);
+ snprintf(get, sizeof get, "%%%ds", sizeof type-1);
+ sscanf(++ptr, get, type);
queryClass =3D StringToClass(type, queryClass, stderr);
}
} else if (strncmp(option, "rec", 3) =3D=3D 0) { /* recurse */
@@ -901,7 +913,8 @@
} else if (strncmp(option, "ro", 2) =3D=3D 0) { /* root */
ptr =3D strchr(option, '=3D');
if (ptr !=3D NULL) {
- sscanf(++ptr, "%s", rootServerName);
+ snprintf(get, sizeof get, "%%%ds", sizeof rootServerName-1);
+ sscanf(++ptr, get, rootServerName);
}
} else if (strncmp(option, "sea", 3) =3D=3D 0) { /* search list */
_res.options |=3D RES_DNSRCH;
@@ -964,6 +977,7 @@
int n;
=20
(void)strncpy(_res.defdname, cp, sizeof(_res.defdname) - 1);
+ _res.defdname[sizeof(_res.defdname) - 1] =3D '\0';
if ((cp =3D strchr(_res.defdname, '\n')) !=3D NULL)
*cp =3D '\0';
/*
@@ -1109,8 +1123,9 @@
if ((cp =3D getenv("HOME")) !=3D NULL &&
(strlen(cp) + strlen(_PATH_NSLOOKUPRC)) < sizeof(buf)) {
=20
- (void) strcpy(buf, cp);
- (void) strcat(buf, _PATH_NSLOOKUPRC);
+ (void) strncpy(buf, cp, sizeof buf - 1);
+ buf[sizeof buf - 1] =3D '\0';
+ (void) strncat(buf, _PATH_NSLOOKUPRC, sizeof buf - strlen(buf) - 1);
=20
if ((fp =3D fopen(buf, "r")) !=3D NULL) {
while (fgets(buf, sizeof(buf), fp) !=3D NULL) {
diff -ru org/bind-8.1.2/bin/nslookup/subr.c bind-8.1.2/bin/nslookup/subr.c
--- org/bind-8.1.2/bin/nslookup/subr.c Fri Apr 25 02:27:19 1997
+++ bind-8.1.2/bin/nslookup/subr.c Tue Sep 1 21:14:39 1998
@@ -341,6 +341,7 @@
{
char *redirect;
FILE *tmpPtr;
+ char get[80];
=20
/*
* Open an output file if we see '>' or >>'.
@@ -352,10 +353,12 @@
return(NULL);
}
if (redirect[1] =3D=3D '>') {
- sscanf(redirect, ">> %s", file);
+ snprintf(get, sizeof get, ">> %%%ds", sizeof file-1);
+ sscanf(redirect, get, file);
tmpPtr =3D fopen(file, "a+");
} else {
- sscanf(redirect, "> %s", file);
+ snprintf(get, sizeof get, "> %%%ds", sizeof file-1);
+ sscanf(redirect, get, file);
tmpPtr =3D fopen(file, "w");
}
=20
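Review bot: `sizeof file-1` gives the buffer capacity only if `file` is an array in this scope; it is not among the locals shown in the previous hunk, so it is probably a parameter or declared elsewhere. If it is a `char *` parameter, the width becomes pointer size minus one and redirect file names are cut to a few characters before `fopen`, which would then create or truncate a different file than the user named. In that case the caller's buffer size has to be passed in, or a known constant used, e.g. `(int)(PATH_MAX - 1)` if that is what callers allocate (to be confirmed). The sscanf result is also unchecked, so `file` may be stale or uninitialized when `fopen` is called. The function starts and ends outside the hunk.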
--YiEDa0DAkWCtVeE4
Content-Type: application/pgp-signature
-----BEGIN PGP SIGNATURE-----
Version: 2.6.3ia
iQB1AwUBNfCR4ajZR/ntlUftAQHleQL8CSgokwkGTxTxWSzLNxwXQKPHdYMCLJv+
l/g4NZIPM2OpVlAKVFZDCmcinTFufpOgrE2UhKf2PO53u/tTrdu3yI57XHlSmiSk
7VHHkw94h8QezxBmBKuW90jD6o1YhkB/
=XZCq
-----END PGP SIGNATURE-----
--YiEDa0DAkWCtVeE4--