Date:      Fri, 12 May 1995 00:44:32 -0700
From:      Paul Traina <pst@Shockwave.COM>
To:        KATO Takenori <kato@eclogite.eps.nagoya-u.ac.jp>
Cc:        FreeBSD-security@FreeBSD.org
Subject:   Re: DNS Security Hole 
Message-ID:  <199505120744.AAA06220@precipice.shockwave.com>
In-Reply-To: Your message of "Fri, 12 May 1995 16:23:58 +0900." <199505120723.QAA02498@marble.eps.nagoya-u.ac.jp>

Why would we ever want this under an #ifdef?
Sounds like it should always be applied.

  From: KATO Takenori <kato@eclogite.eps.nagoya-u.ac.jp>
  Subject: DNS Security Hole
  
  The resolver in FreeBSD 2.0 Release and FreeBSD-current doesn't support the
  "SUNSECURITY" option which appears in BIND-4.9.2.  So I made a patch
  to support this option.  The code in this patch is derived from
  BIND-4.9.3-BETA17 and its fatal bug is fixed.
  
  -------- BEGIN ----------
  *** lib/libc/Makefile.orig	Mon May  8 23:56:11 1995
  --- lib/libc/Makefile	Tue May  9 15:05:09 1995
  ***************
  *** 8,14 ****
    LIB=c
    SHLIB_MAJOR= 2
    SHLIB_MINOR= 1
  ! CFLAGS+=-DLIBC_RCS -DSYSLIBC_RCS
    AINC=	-I${.CURDIR}/${MACHINE}
    CLEANFILES+=tags
    INSTALL_PIC_ARCHIVE=	yes
  --- 8,14 ----
    LIB=c
    SHLIB_MAJOR= 2
    SHLIB_MINOR= 1
  ! CFLAGS+=-DLIBC_RCS -DSYSLIBC_RCS -DSUNSECURITY
    AINC=	-I${.CURDIR}/${MACHINE}
    CLEANFILES+=tags
    INSTALL_PIC_ARCHIVE=	yes
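Review bot: The -DSUNSECURITY added to the CFLAGS line is undocumented, and it is set for the whole of libc although the only code in this patch that tests it is lib/libc/net/gethostnamadr.c. Add a Makefile comment saying what it turns on (gethostbyaddr results are re-checked with a forward lookup and rejected on mismatch), or, if the check is meant to be always on, drop the #ifdef in the source instead of carrying a build flag.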
  *** lib/libc/net/gethostnamadr.c.orig	Mon May  8 23:41:11 1995
  --- lib/libc/net/gethostnamadr.c	Tue May  9 17:24:10 1995
  ***************
  *** 37,42 ****
  --- 37,46 ----
    #include <ctype.h>
    #include <errno.h>
    #include <string.h>
  + #ifdef SUNSECURITY
  + #include <arpa/nameser.h>
  + #include <syslog.h>
  + #endif
    
    extern struct hostent * _gethostbyhtname  __P((const char *));
    extern struct hostent * _gethostbydnsname __P((const char *));
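Review bot: The includes added here may not cover everything the later hunk uses: that hunk calls inet_ntoa() and casts to struct in_addr, but only <arpa/nameser.h> and <syslog.h> are added. Confirm that <arpa/inet.h> and <netinet/in.h> are already included above line 37; if not, add them inside the same #ifdef SUNSECURITY block so inet_ntoa() is not implicitly declared as returning int.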
  ***************
  *** 156,161 ****
  --- 160,171 ----
    {
    	struct hostent *hp = 0;
    	int nserv = 0;
  + #ifdef SUNSECURITY
  + 	struct hostent *rhp = 0;
  + 	char **haddr;
  + 	char hname2[MAXDNAME+1];
  + 	char *addr2;
  + #endif
    
    	if (!service_done)
    		init_services();
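Review bot: addr2 is declared here (char *addr2;) but none of the code added under SUNSECURITY in this patch reads or writes it. Drop the declaration; rhp, haddr and hname2 are all used by the next hunk and should stay.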
  ***************
  *** 176,181 ****
  --- 186,213 ----
    		}
    		nserv++;
    	}
  + #ifdef SUNSECURITY
  + 	/*
  + 	 * turn off search as the name should be absolute,
  + 	 * 'localhost' should be matched by defnames
  + 	 */
  + 	strncpy(hname2, hp->h_name, MAXDNAME);
  + 	hname2[MAXDNAME] = '\0';
  + 	/* if (!(rhp = gethostbyname(hp->h_name))) { ORIGINAL BUG */
  + 	if (!(rhp = gethostbyname(hname2))) {
  + 		syslog(LOG_NOTICE|LOG_AUTH,
  + 		       "gethostbyaddr: No A record for %s (verifying [%s])",
  + 		       hname2, inet_ntoa(*((struct in_addr *)addr)));
  + 		return (NULL);
  + 	}
  + 	for (haddr = rhp->h_addr_list; *haddr; haddr++)
  + 		if (memcmp(*haddr,
  + 			addr, INADDRSZ)== 0)
  + 			return hp;
  + 	syslog(LOG_NOTICE|LOG_AUTH,
  + 	       "gethostbyaddr: A record of %s != PTR record [%s]",
  + 	       hname2, inet_ntoa(*((struct in_addr *)addr)));
  + 	return (NULL);
  + #endif
    	return hp;
    }
    
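Review bot: Missing NULL check before strncpy(hname2, hp->h_name, MAXDNAME): hp is initialised to 0 at the top of the function, so if the loop above can finish without any service setting it, the new block dereferences a NULL pointer where the old code simply returned hp. Add if (hp == NULL) return (NULL); as the first statement inside the #ifdef. Two smaller points: the comment says search is turned off, but nothing in the added lines changes a resolver option, so either add that code or reword the comment; and since the "ORIGINAL BUG" line was replaced by a copy of h_name, please also confirm that hp itself is still valid after the inner gethostbyname() call, because hp is what gets returned on a match.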
  *** lib/libresolv/Makefile.orig	Tue May  9 00:48:56 1995
  --- lib/libresolv/Makefile	Tue May  9 00:49:19 1995
  ***************
  *** 1,7 ****
    #	@(#)Makefile	8.1 (Berkeley) 6/4/93
    
    LIB=resolv
  ! CFLAGS+=-DDEBUG -DLIBC_SCCS
    
    .PATH:	${.CURDIR}/../libc/net
    
  --- 1,7 ----
    #	@(#)Makefile	8.1 (Berkeley) 6/4/93
    
    LIB=resolv
  ! CFLAGS+=-DDEBUG -DLIBC_SCCS -DSUNSECURITY
    
    .PATH:	${.CURDIR}/../libc/net
    
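Review bot: -DSUNSECURITY is now set in two places: this Makefile reaches ../libc/net through .PATH, so it can build the same net/ sources that lib/libc/Makefile already flags. If one of the two CFLAGS lines is later changed and the other is not, libc and libresolv will answer gethostbyaddr differently. Keep the setting in one shared place, or remove the #ifdef from the source so neither Makefile needs the flag.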
  ---------- END ----------
  
  ----------------
  KATO Takenori
  Dept. Earth Planet. Sci.  Nagoya Univ.   Nagoya 464-01 Japan
  E-mail: kato@eclogite.eps.nagoya-u.ac.jp


