Bugtraq mailing list archives
BitchX DNS Overflow Patch
From: nimrood <nimrood () ONEBOX COM>
Date: Wed, 6 Dec 2000 22:28:13 -0800
listed are two bugs in the BitchX irc client. a possible stack overflow condition exists if a malformed DNS answer is processed by the client. a second bug allows this malformed DNS record to be embedded in a valid DNS packet. without the second bug the malformed DNS record wouldn't be processed "correctly." this patch is derived from the BitchX-1.0c17 source tree, but is relevant to previous versions:

*** BitchX/source/misc.c.orig Thu Dec 7 01:33:11 2000 --- BitchX/source/misc.c Thu Dec 7 01:42:38 2000 *************** *** 2643,2648 **** --- 2643,2653 ---- switch(type) { case T_A : + if (dlen != sizeof(struct in_addr)) + { + cp += dlen; + break; + } rptr->re_he.h_length = dlen; if (ans == 1) rptr->re_he.h_addrtype=(class == C_IN) ? *************** *** 2689,2694 **** --- 2694,2700 ---- *alias = NULL; break; default : + cp += dlen; break; } }
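Review bot: in the first hunk (case T_A), the new branch does `cp += dlen;` with dlen taken from the reply, and nothing in the visible lines checks that cp + dlen stays inside the received packet. If that bound is not enforced earlier in the function, add it before advancing, and consider rejecting the whole reply on a wrong-sized A record rather than silently skipping it. Once the new check has passed, dlen is known to equal sizeof(struct in_addr) when `rptr->re_he.h_length = dlen;` runs, so assigning the constant there would make the invariant explicit.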
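Review bot: in the second hunk (default case), the added `cp += dlen;` has no comment saying why unhandled record types must be skipped. Add one line stating that cp has to land on the next record header so the data of an unknown type is never parsed as a record, which is the embedding problem the message describes. The same concern about advancing by an unchecked dlen applies here if the length is not validated against the end of the packet earlier in the function.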
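The two checks the message describes, shown in a stand-alone record walker as an added example (not BitchX code and not part of the original post): an A record is copied only when its data length equals sizeof(struct in_addr), and every record's data is skipped in full. The simplified record layout without owner names and the names `collect_a_records`, `build_sample` and `RR_T_A` are assumptions of this example, which also goes beyond the patch by checking each length against the end of the packet.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#include <netinet/in.h>

#define RR_T_A 1   /* A record type; the name is this example's, not BitchX's */

/* Walk `count` simplified answer records in [cp, end):
 *   type(2) class(2) ttl(4) rdlength(2) rdata(rdlength)
 * Owner names are omitted to keep the example short (assumption).
 * Returns the number of addresses stored, or -1 on a truncated record. */
int collect_a_records(const uint8_t *cp, const uint8_t *end, int count,
                      struct in_addr *out, int max_out)
{
    int stored = 0;
    while (count-- > 0) {
        if (end - cp < 10)
            return -1;                      /* fixed header must fit */
        unsigned type = (unsigned)cp[0] << 8 | cp[1];
        size_t dlen = (size_t)cp[8] << 8 | cp[9];
        cp += 10;
        if ((size_t)(end - cp) < dlen)
            return -1;                      /* rdata must fit in the packet */
        /* Copy only when the length is exactly one IPv4 address. */
        if (type == RR_T_A && dlen == sizeof(struct in_addr) && stored < max_out)
            memcpy(&out[stored++], cp, sizeof(struct in_addr));
        cp += dlen;   /* skip rdata for every record, handled or not */
    }
    return stored;
}

/* Constructed sample reply: oversized A record, unknown type, valid A record. */
size_t build_sample(uint8_t *buf)
{
    static const uint8_t bad_a[10]   = {0,1, 0,1, 0,0,0,60, 0,64};
    static const uint8_t unknown[10] = {0,99, 0,1, 0,0,0,60, 0,3};
    static const uint8_t good_a[14]  = {0,1, 0,1, 0,0,0,60, 0,4, 192,0,2,1};
    uint8_t *p = buf;
    memcpy(p, bad_a, 10);   p += 10; memset(p, 0x41, 64); p += 64;
    memcpy(p, unknown, 10); p += 10; memset(p, 0x42, 3);  p += 3;
    memcpy(p, good_a, 14);  p += 14;
    return (size_t)(p - buf);
}
```

Without the final `cp += dlen;` the walker would treat the 0x41 and 0x42 filler bytes as the next record headers, which is how record data ends up parsed as a record.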