Bugtraq mailing list archives
Re: nslookup issues
From: wichert () WIGGY ML ORG (Wichert Akkerman)
Date: Sat, 5 Sep 1998 03:20:33 +0200
--YiEDa0DAkWCtVeE4 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: quoted-printable Previously Theo de Raadt wrote:
Well, here's a first cut at fixing some of the nslookup/dig problems. This patch should get people started at repairing their distributions. If anyone has any further fixes or notes some other issues in this area, please let me know.
This patch doesn't apply to bind 8.1.2. I've revised the patch a bit and came to the patch below.=20 Wichert. diff -ru org/bind-8.1.2/bin/dig/dig.c bind-8.1.2/bin/dig/dig.c --- org/bind-8.1.2/bin/dig/dig.c Thu Mar 19 20:30:18 1998 +++ bind-8.1.2/bin/dig/dig.c Tue Sep 1 17:03:21 1998 @@ -745,9 +745,11 @@ static int SetOption(const char *string) { char option[NAME_LEN], type[NAME_LEN], *ptr; + char get[80]; int i; =20 - i =3D sscanf(string, " %s", option); + snprintf(get, sizeof(get), " %%%ds", sizeof(option-1)); + i =3D sscanf(string, get, option); if (i !=3D 1) { fprintf(stderr, ";*** Invalid option: %s\n", option); return (ERROR); @@ -779,8 +781,10 @@ _res.options &=3D ~RES_DNSRCH; } else if (strncmp(option, "do", 2) =3D=3D 0) { /* domain */ ptr =3D strchr(option, '=3D'); - if (ptr !=3D NULL) - sscanf(++ptr, "%s", _res.defdname); + if (ptr !=3D NULL) { + snprintf(get, sizeof(get),"%%%ds", sizeof(_res.defdname)); + sscanf(++ptr, get, _res.defdname); + } } else if (strncmp(option, "ti", 2) =3D=3D 0) { /* timeout */ ptr =3D strchr(option, '=3D'); if (ptr !=3D NULL) diff -ru org/bind-8.1.2/bin/nslookup/list.c bind-8.1.2/bin/nslookup/list.c --- org/bind-8.1.2/bin/nslookup/list.c Tue Nov 18 01:32:33 1997 +++ bind-8.1.2/bin/nslookup/list.c Tue Sep 1 17:09:09 1998 @@ -152,13 +152,16 @@ ListHostsByType(char *string, int putToFile) { char *namePtr, name[NAME_LEN], option[NAME_LEN]; int i, qtype, result; + char get[80]; =20 /* * Parse the command line. It maybe of the form "ls -t domain" * or "ls -t type domain". */ =20 - i =3D sscanf(string, " ls -t %s %s", option, name); + snprintf(get, sizeof get, " ls -t %%%ds %%%ds", sizeof option-1, + sizeof name-1); + i =3D sscanf(string, get, option, name); if (putToFile && i =3D=3D 2 && name[0] =3D=3D '>') i--; if (i =3D=3D 2) { 
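Review bot: In SetOption (bin/dig/dig.c, first hunk) the width argument is `sizeof(option-1)`, which is the size of a `char *` because the array decays inside the parentheses, not `NAME_LEN - 1`. The read stays in bounds, but option strings are cut to 4 or 8 characters depending on the platform, so something like `domain=...` would presumably lose its value. It should read `snprintf(get, sizeof(get), " %%%ds", (int)(sizeof(option) - 1));`. The cast is needed as well, because `sizeof` yields a `size_t` and passing that for `%d` is a type mismatch; the same applies to every `snprintf(get, ...)` call in this patch. The unchanged error path also prints `option` when sscanf matched nothing, which reads an uninitialized buffer; printing `string` there would avoid that.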
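Review bot: The domain branch in bin/dig/dig.c passes `sizeof(_res.defdname)` as the `%s` width without subtracting one, so sscanf may store that many characters plus the terminating NUL, one byte past the end of `_res.defdname`. The width has to leave room for the terminator: `snprintf(get, sizeof(get), "%%%ds", (int)(sizeof(_res.defdname) - 1));`. The nslookup/main.c version of this same branch later in the patch already subtracts one, so the two should agree. The enclosing function starts and ends outside this hunk.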
@@ -183,12 +186,15 @@ ListHosts(char *string, int putToFile) { char *namePtr, name[NAME_LEN], option[NAME_LEN]; int i, qtype, result; + char get[80]; =20 /* * Parse the command line. It maybe of the form "ls domain", * "ls -X domain". */ - i =3D sscanf(string, " ls %s %s", option, name); + snprintf(get, sizeof get, " ls -t %%%ds %%%ds", sizeof option-1, + sizeof name-1); + i =3D sscanf(string, get, option, name); if (putToFile && i =3D=3D 2 && name[0] =3D=3D '>') i--; if (i =3D=3D 2) { @@ -481,8 +487,10 @@ { char file[PATH_MAX]; char command[PATH_MAX]; + char get[80]; =20 - sscanf(string, " view %s", file); + snprintf(get, sizeof get, " view %%%ds", sizeof file-1); + sscanf(string, get, file); (void)sprintf(command, "grep \"^ \" %s | sort | %s", file, pager); system(command); } @@ -516,6 +524,7 @@ int lastc; char name[NAME_LEN]; char file[NAME_LEN]; + char get[80]; =20 /* * We need a valid current host info to get an inet address. @@ -525,7 +534,8 @@ return (ERROR); } =20 - if (sscanf(string, " finger %s", name) =3D=3D 1) { + snprintf(get, sizeof get, " finger %%%ds", sizeof name-1); + if (sscanf(string, get, name) =3D=3D 1) { if (putToFile && (name[0] =3D=3D '>')) { name[0] =3D '\0'; } diff -ru org/bind-8.1.2/bin/nslookup/main.c bind-8.1.2/bin/nslookup/main.c --- org/bind-8.1.2/bin/nslookup/main.c Fri Apr 25 02:27:18 1997 +++ bind-8.1.2/bin/nslookup/main.c Tue Sep 1 21:15:25 1998 @@ -464,6 +464,7 @@ char newServer[NAME_LEN]; int result; int i; + char get[40]; =20 /* * Parse the command line. It maybe of the form "server name", 
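Review bot: ListHosts now builds its format as `" ls -t %%%ds %%%ds"`, apparently copied from ListHostsByType, while the line it replaces parsed `" ls %s %s"`. With the literal `-t` in the format, the forms named in the comment above it ("ls domain" and "ls -X domain") stop matching at that literal and `i` comes back 0, so plain zone listing breaks. The call should be `snprintf(get, sizeof get, " ls %%%ds %%%ds", (int)(sizeof option - 1), (int)(sizeof name - 1));`. The rest of the function lies outside the hunk.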
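Review bot: In the `view` hunk, limiting `file` to `PATH_MAX - 1` characters does not protect `command`, which is also `PATH_MAX` bytes and still receives `file`, the grep/sort text and `pager` through the unchanged `sprintf`; a long file name still overruns it. Replace that call with `snprintf(command, sizeof command, "grep \"^ \" %s | sort | %s", file, pager)` and skip `system()` when the result was truncated. The sscanf return value is ignored too, so `file` is uninitialized when nothing follows "view". The name is handed to the shell unquoted, so it should also be validated or quoted before use. The function header is outside the hunk.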
@@ -471,12 +472,15 @@ */ =20 if (local) { - i =3D sscanf(string, " lserver %s", newServer); + snprintf(get, sizeof get, "lserver %%%ds", sizeof newServer-1); + i =3D sscanf(string, get, newServer); } else { - i =3D sscanf(string, " server %s", newServer); + snprintf(get, sizeof get, "server %%%ds", sizeof newServer-1); + i =3D sscanf(string, get, newServer); } if (i !=3D 1) { - i =3D sscanf(string, " %s", newServer); + snprintf(get, sizeof get, " %%%ds", sizeof newServer-1); + i =3D sscanf(string, get, newServer); if (i !=3D 1) { fprintf(stderr,"SetDefaultServer: invalid name: %s\n", string); return(ERROR); @@ -667,6 +671,7 @@ char host[NAME_LEN]; char file[PATH_MAX]; int result; + char get[80]; =20 /* * Invalidate the current host information to prevent Finger=20 @@ -681,7 +686,8 @@ * */ =20 - sscanf(string, " %s", host); /* removes white space */ + snprintf(get, sizeof get, " %%%ds", sizeof host-1); + sscanf(string, get, host); /* removes white space */ if (!putToFile) { filePtr =3D stdout; } else { @@ -738,11 +744,13 @@ char host[NAME_LEN]; char server[NAME_LEN]; int result; + char get[80]; static HostInfo serverInfo; =20 curHostValid =3D FALSE; =20 - sscanf(string, " %s %s", host, server); + snprintf(get, sizeof get, " %%%ds %%%ds", sizeof host-1, sizeof server= -1); + sscanf(string, get, host, server); if (!putToFile) { filePtr =3D stdout; } else { @@ -823,6 +831,7 @@ char type[NAME_LEN]; char *ptr; int tmp; + char get[40]; =20 while (isspace(*option)) ++option; @@ -851,7 +860,8 @@ } else if (strncmp(option, "do", 2) =3D=3D 0) { /* domain */ ptr =3D strchr(option, '=3D'); if (ptr !=3D NULL) { - sscanf(++ptr, "%s", _res.defdname); + snprintf(get, sizeof get, "%%%ds", sizeof _res.defdname-1); + sscanf(++ptr, get, _res.defdname); res_re_init(); } } else if (strncmp(option, "deb", 1) =3D=3D 0) { /* debug */ 
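Review bot: The new formats `"lserver %%%ds"` and `"server %%%ds"` drop the leading space that the replaced `" lserver %s"` and `" server %s"` had. A leading space in a scanf format skips input white space, so without it a command line that starts with blanks no longer matches the keyword and falls through to the `" %s"` fallback, which would then take the keyword itself as the server name. Whether callers ever pass leading white space is not visible in this hunk, but the old code tolerated it. Keep the space, e.g. `snprintf(get, sizeof get, " lserver %%%ds", (int)(sizeof newServer - 1));`, and likewise for `server`.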
@@ -877,13 +887,15 @@ strncmp(option, "ty", 2) =3D=3D 0) { /* type */ ptr =3D strchr(option, '=3D'); if (ptr !=3D NULL) { - sscanf(++ptr, "%s", type); + snprintf(get, sizeof get, "%%%ds", sizeof type-1); + sscanf(++ptr, get, type); queryType =3D StringToType(type, queryType, stderr); } } else if (strncmp(option, "cl", 2) =3D=3D 0) { /* query class */ ptr =3D strchr(option, '=3D'); if (ptr !=3D NULL) { - sscanf(++ptr, "%s", type); + snprintf(get, sizeof get, "%%%ds", sizeof type-1); + sscanf(++ptr, get, type); queryClass =3D StringToClass(type, queryClass, stderr); } } else if (strncmp(option, "rec", 3) =3D=3D 0) { /* recurse */ @@ -901,7 +913,8 @@ } else if (strncmp(option, "ro", 2) =3D=3D 0) { /* root */ ptr =3D strchr(option, '=3D'); if (ptr !=3D NULL) { - sscanf(++ptr, "%s", rootServerName); + snprintf(get, sizeof get, "%%%ds", sizeof rootServerName-1); + sscanf(++ptr, get, rootServerName); } } else if (strncmp(option, "sea", 3) =3D=3D 0) { /* search list */ _res.options |=3D RES_DNSRCH; @@ -964,6 +977,7 @@ int n; =20 (void)strncpy(_res.defdname, cp, sizeof(_res.defdname) - 1); + _res.defdname[sizeof(_res.defdname) - 1] =3D '\0'; if ((cp =3D strchr(_res.defdname, '\n')) !=3D NULL) *cp =3D '\0'; /* @@ -1109,8 +1123,9 @@ if ((cp =3D getenv("HOME")) !=3D NULL && (strlen(cp) + strlen(_PATH_NSLOOKUPRC)) < sizeof(buf)) { =20 - (void) strcpy(buf, cp); - (void) strcat(buf, _PATH_NSLOOKUPRC); + (void) strncpy(buf, cp, sizeof buf - 1); + buf[sizeof buf - 1] =3D '\0'; + (void) strncat(buf, _PATH_NSLOOKUPRC, sizeof buf - strlen(buf) - 1); =20 if ((fp =3D fopen(buf, "r")) !=3D NULL) { while (fgets(buf, sizeof(buf), fp) !=3D NULL) { diff -ru org/bind-8.1.2/bin/nslookup/subr.c bind-8.1.2/bin/nslookup/subr.c --- org/bind-8.1.2/bin/nslookup/subr.c Fri Apr 25 02:27:19 1997 +++ bind-8.1.2/bin/nslookup/subr.c Tue Sep 1 21:14:39 1998 @@ -341,6 +341,7 @@ { char *redirect; FILE *tmpPtr; + char get[80]; =20 /* * Open an output file if we see '>' or >>'. 
@@ -352,10 +353,12 @@ return(NULL); } if (redirect[1] =3D=3D '>') { - sscanf(redirect, ">> %s", file); + snprintf(get, sizeof get, ">> %%%ds", sizeof file-1); + sscanf(redirect, get, file); tmpPtr =3D fopen(file, "a+"); } else { - sscanf(redirect, "> %s", file); + snprintf(get, sizeof get, "> %%%ds", sizeof file-1); + sscanf(redirect, get, file); tmpPtr =3D fopen(file, "w"); } =20 --YiEDa0DAkWCtVeE4 Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: 2.6.3ia iQB1AwUBNfCR4ajZR/ntlUftAQHleQL8CSgokwkGTxTxWSzLNxwXQKPHdYMCLJv+ l/g4NZIPM2OpVlAKVFZDCmcinTFufpOgrE2UhKf2PO53u/tTrdu3yI57XHlSmiSk 7VHHkw94h8QezxBmBKuW90jD6o1YhkB/ =XZCq -----END PGP SIGNATURE----- --YiEDa0DAkWCtVeE4--
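Review bot: `sizeof file-1` in both redirect branches of bin/nslookup/subr.c is only a buffer size if `file` is an array in this scope. The locals shown in the preceding hunk are `redirect`, `tmpPtr` and `get`, so `file` looks like a `char *` parameter, in which case the width becomes the pointer size minus one (3 or 7). The name would then be silently truncated, and `fopen(file, "w")` would create or overwrite a different file from the one the user named. The real buffer length has to come from the caller, for example as an extra size parameter used as `(int)(filelen - 1)`. The function signature is outside the hunk, so the declaration should be confirmed first.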