Nmap Development mailing list archives

Re: DNS decoding bug in dns-zone-transfer.nse fixed

From: Fyodor <fyodor () insecure org>
Date: Fri, 6 Feb 2009 12:33:25 -0800

On Fri, Feb 06, 2009 at 12:23:05PM -0700, David Fifield wrote:

Today I got a Zenmap crash report and was fortunate that the submitter
agreed to send the XML file to me. I eventually traced the bug to
dns-zone-transfer.nse of all places. There was a decoding bug (fixed in
r12015) that caused all kinds of binary data to appear in script output.
Some of it made it into the XML file and made the file non-well-formed.
The bug was kind of interesting so I'll describe it here.


Good catch!  I've also added the XML escaping problem and the infinite
recursion bug to docs/TODO.

Cheers,
-F

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org

Current thread:

DNS decoding bug in dns-zone-transfer.nse fixed David Fifield (Feb 06)
- Stack overflow in dns-zone-transfer.nse David Fifield (Feb 06)
  - Re: Stack overflow in dns-zone-transfer.nse David Fifield (Feb 07)
  - Re: Stack overflow in dns-zone-transfer.nse David Fifield (Feb 09)
- Re: DNS decoding bug in dns-zone-transfer.nse fixed Fyodor (Feb 06)