Date: Mon, 27 Nov 2000 14:09:34 -0800 From: Kris Kennaway <kris@FreeBSD.org> To: "Rodney W. Grimes" <freebsd@gndrsh.dnsmgr.net> Cc: cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org Subject: Re: cvs commit: src/usr.sbin/cron/cron cron.h Message-ID: <20001127140934.A66576@citusc17.usc.edu> In-Reply-To: <200011272106.NAA37476@gndrsh.dnsmgr.net>; from freebsd@gndrsh.dnsmgr.net on Mon, Nov 27, 2000 at 01:06:13PM -0800 References: <20001127124505.A65167@citusc17.usc.edu> <200011272106.NAA37476@gndrsh.dnsmgr.net>
next in thread | previous in thread | raw e-mail | index | archive | help
--pWyiEgJYm5f9v55/ Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Mon, Nov 27, 2000 at 01:06:13PM -0800, Rodney W. Grimes wrote: > > On Mon, Nov 27, 2000 at 12:18:10PM -0800, Rodney W. Grimes wrote: > > > > kris 2000/11/26 14:21:40 PST > > > >=20 > > > > Modified files: > > > > usr.sbin/cron/cron cron.h=20 > > > > Log: > > > > Correct definition of MAXHOSTNAMELEN in ifdef'ed out code > > >=20 > > > I actaully was ignoring these until it hit me, your actually probably > > > breaking the purpose of these. Old systems that didn't have MAXHOSTN= AMELEN > > > defined in system headers had a 64 byte length for this. I suspect i= f one > > > takes this code after your ``Correction'' and compiles it on one of t= hese > > > systems a buffer overflow condition could easily be triggered. > >=20 > > I'm making the buffers larger, not smaller. >=20 > Which is fine for old code returing values to new code, but new code > passing values to old code is passing values longer than the old codes > buffer. And that old code is probably riddled with strcpy's and such. There are no 64-byte buffers! > > If ths code were to be compiled on a system which has the definition > > of MAXHOSTNAMELEN in a nonstandard place (so it isn't #included by the > > code) but it has a DNS resolver which is RFC-compliant and capable of > > returning hostnames up to 255 octets long, then there would be a > > buffer overflow when it tries to store the result in a 64-byte buffer. >=20 > And conversely if it has an old non-compliant resolver passing it a > 255 byte hostname is going to overflow the 64-byte buffer. Passing from where? Where does it obtain the long hostname from, if not the resolver? I don't think you've thought this through properly. Kris --pWyiEgJYm5f9v55/ Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.4 (FreeBSD) Comment: For info see http://www.gnupg.org iEYEARECAAYFAjoi254ACgkQWry0BWjoQKUsKwCgsgwyFmWdxcPU7KJU9M+duoNi yvEAoL7V3d+zu94pVPT5r5NpWBufyE9G =XLgO -----END PGP SIGNATURE----- --pWyiEgJYm5f9v55/-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe cvs-all" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20001127140934.A66576>