[2266] in bugtraq


Re: Ray Cromwell: Another Netscape Bug (and possible security

daemon@ATHENA.MIT.EDU (mueller_scott)
Tue Sep 26 18:33:34 1995

X-Envelope-To: BUGTRAQ@crimelab.com
Date:         Fri, 22 Sep 1995 11:23:12 PDT
Reply-To: Bugtraq List <BUGTRAQ@CRIMELAB.COM>
From: mueller_scott <scott@loc3.tandem.com>
X-To:         BUGTRAQ@CRIMELAB.COM
To: Multiple recipients of list BUGTRAQ <BUGTRAQ@CRIMELAB.COM>

Perry writes:

>This bug may make it possible to execute arbitrary code on any
>Netscape browser on the net.

Ray Clark writes:

>As you can see, I just chose an extremely long domain name. I guessed
>that the authors of netscape probably thought something like "well,
>a buffer size of 256 characters is good enough to hold any domain"

Not that it entirely excuses Netscape, but RFC 1034 ("DOMAIN NAMES - CONCEPTS
AND FACILITIES") section 3.1 states:

To simplify implementations, the total number of octets that represent a
domain name (i.e., the sum of all label octets and label lengths) is
limited to 255.

[end excerpt]

They should handle exceptions gracefully.

--
Scott Hazen Mueller, Tandem Computers     +1 408 285 5762  scott@tandem.com
   Unix System/Network Administrator, Host-, Post-, News- and Web-Master
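
An added example, not part of the original message or of Netscape's code: a C length check that enforces the RFC 1034 section 3.1 limit quoted above before a host name is copied into a fixed buffer, and rejects oversized names instead of overflowing. The function names are hypothetical, and the 63-octet per-label limit comes from the same RFC section rather than from the message.

```c
#include <string.h>

#define DNS_MAX_NAME_OCTETS  255  /* RFC 1034 3.1: label octets + length octets */
#define DNS_MAX_LABEL_OCTETS 63   /* RFC 1034 3.1: per-label limit */

/* Wire-format size of a dotted name (each label plus its length octet,
 * plus the root's zero octet), or -1 if a limit is exceeded or a label
 * is empty. Stops scanning as soon as a limit is crossed. */
int dns_wire_length(const char *name)
{
    size_t total = 1, label = 0;          /* 1 = root length octet */

    if (name == NULL || *name == '\0')
        return -1;
    if (strcmp(name, ".") == 0)
        return 1;                         /* the root itself */
    for (const char *p = name; ; p++) {
        if (*p != '.' && *p != '\0') {
            if (++label > DNS_MAX_LABEL_OCTETS)
                return -1;
            continue;
        }
        if (label == 0) {
            if (*p == '\0' && p[-1] == '.')
                break;                    /* single trailing dot */
            return -1;                    /* empty label */
        }
        total += 1 + label;
        if (total > DNS_MAX_NAME_OCTETS)
            return -1;
        label = 0;
        if (*p == '\0')
            break;
    }
    return (int)total;
}

/* Copy name into dst only if it passes the check and fits; on rejection
 * dst is left as an empty string and -1 is returned. */
int copy_hostname(char *dst, size_t dstlen, const char *name)
{
    if (dst == NULL || dstlen == 0)
        return -1;
    dst[0] = '\0';
    if (dns_wire_length(name) < 0 || strlen(name) >= dstlen)
        return -1;
    memcpy(dst, name, strlen(name) + 1);
    return 0;
}
```

The check covers length only; it does not validate which characters appear in a label.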
