[17968] in bugtraq
BitchX DNS Overflow Patch
daemon@ATHENA.MIT.EDU (nimrood)
Fri Dec 8 02:55:55 2000
Message-Id: <20001207062748.YONH9078.mta07.onebox.com@onebox.com>
Date: Wed, 6 Dec 2000 22:28:13 -0800
Reply-To: nimrood <nimrood@ONEBOX.COM>
From: nimrood <nimrood@ONEBOX.COM>
To: BUGTRAQ@SECURITYFOCUS.COM
listed are two bugs in the BitchX irc client. a possible stack overflow
condition exists if a malformed DNS answer is processed by the client.
a second bug allows this malformed DNS record to be embedded in a valid
DNS packet. without the second bug the malformed DNS record wouldn't
be processed "correctly."
this patch is derived from the BitchX-1.0c17 source tree, but is relevant
to previous versions:
*** BitchX/source/misc.c.orig Thu Dec 7 01:33:11 2000
--- BitchX/source/misc.c Thu Dec 7 01:42:38 2000
***************
*** 2643,2648 ****
--- 2643,2653 ----
switch(type)
{
case T_A :
+ if (dlen != sizeof(struct in_addr))
+ {
+ cp += dlen;
+ break;
+ }
rptr->re_he.h_length = dlen;
if (ans == 1)
rptr->re_he.h_addrtype=(class == C_IN)
?
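Review bot: In the new T_A length check, "cp += dlen;" advances past the RDATA on the strength of dlen alone, and nothing in the visible lines confirms that cp + dlen still lies inside the received answer. Suggest comparing dlen against the bytes remaining in the packet before advancing, and adding a short comment that only sizeof(struct in_addr) is accepted because rptr->re_he.h_length is taken straight from dlen on the following line.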
***************
*** 2689,2694 ****
--- 2694,2700 ----
*alias = NULL;
break;
default :
+ cp += dlen;
break;
}
}
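Review bot: The "cp += dlen;" added to the default branch carries no comment, yet it is the line that keeps the parser aligned on record boundaries when a record type is not handled; a comment should say that, since without the advance the RDATA of an unknown record is read as if it were the next record. It would also help to confirm that dlen is checked against the end of the packet before this advance, which the visible lines do not show.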
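The two checks the patch introduces (accept an A record only when its RDATA is exactly the size of an IPv4 address, and always step past the RDATA of a record that is not handled) are shown below in a self-contained answer-section walker. This is an added example, not BitchX code and not part of the original post; the function names, the SAMPLE bytes and the extra end-of-message bounds checks are assumptions of the example, and compression pointers are skipped rather than followed.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define T_A 1 /* DNS record type A, same name as in the patched switch */

/* Constructed sample answer section: a TXT record (unhandled type), an A
 * record with an 8-byte RDATA (malformed), and a valid A for 192.0.2.1. */
static const uint8_t SAMPLE[] = {
    0xC0,0x0C, 0,16, 0,1, 0,0,0,60, 0,6, 5,'h','e','l','l','o',
    0xC0,0x0C, 0,1,  0,1, 0,0,0,60, 0,8, 0x41,0x41,0x41,0x41,0x41,0x41,0x41,0x41,
    0xC0,0x0C, 0,1,  0,1, 0,0,0,60, 0,4, 192,0,2,1,
};

/* Skip an owner name (plain labels or a compression pointer); NULL on overrun. */
static const uint8_t *skip_name(const uint8_t *cp, const uint8_t *eom)
{
    while (cp < eom) {
        if ((*cp & 0xC0) == 0xC0)                 /* 2-byte compression pointer */
            return (eom - cp >= 2) ? cp + 2 : NULL;
        if (*cp & 0xC0) return NULL;              /* reserved label types */
        if (*cp == 0) return cp + 1;              /* root label ends the name */
        if ((size_t)(eom - cp) < (size_t)*cp + 1) return NULL;
        cp += *cp + 1;
    }
    return NULL;
}

/* Walk `count` records from cp, copying at most max_addrs IPv4 addresses into
 * out. Returns the number copied, or -1 if the packet is truncated/malformed. */
int collect_a_records(const uint8_t *cp, const uint8_t *eom, int count,
                      uint8_t out[][4], int max_addrs)
{
    int found = 0;
    while (count-- > 0) {
        cp = skip_name(cp, eom);
        if (cp == NULL || eom - cp < 10)          /* type, class, ttl, rdlength */
            return -1;
        uint16_t type = (uint16_t)(cp[0] << 8 | cp[1]);
        uint16_t dlen = (uint16_t)(cp[8] << 8 | cp[9]);
        cp += 10;
        if ((size_t)(eom - cp) < dlen)            /* RDATA must fit in the packet */
            return -1;
        if (type == T_A && dlen == 4 && found < max_addrs)
            memcpy(out[found++], cp, 4);          /* exact-size A records only */
        cp += dlen;                               /* always step past the RDATA */
    }
    return found;
}
```

The copy length is the fixed constant 4 rather than the attacker-supplied dlen, and the single "cp += dlen" at the bottom of the loop covers both the wrong-length A record and the unhandled type.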