Vulnerability Development mailing list archives

Re: 2 dodgy network programs


From: zaf () NRC CO NZ (Nick 'Zaf' Clifford)
Date: Sun, 10 Oct 1999 12:07:56 +1300


Antonomasia wrote:

I was just visiting http://www.echelon.wiretapped.net and downloaded a
small file called "tcplog.c" with no author or version stated.  It is for
logging connections to your box (linux only).

There are some minor coding gripes I could make, but line 107
takes a risk with the size of a hostname

    98  char *hostlookup(unsigned long int in)
    99  {
   100     static char blah[1024];
   101     struct in_addr i;
   102     struct hostent *he;
   103
   104     i.s_addr=in;
   105     he=gethostbyaddr((char *)&i, sizeof(struct in_addr),AF_INET);
   106     if(he == NULL) strcpy(blah, inet_ntoa(i));
   107     else strcpy(blah, he->h_name);
   108     return blah;
   109  }

<SNIP>

The "standard" max length of a hostname is 63 characters. It's used with
little or no buffer checking in a *LOT* of code bases; most ircds
assume this is the maximum, with little checking.

I don't think you'd be able to convince a nameservice to pass on a > 63
char hostname to a program. Though you might strike luck with
/etc/hosts.

Nick
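
A bounded variant of the quoted hostlookup(), as an added example that is not part of the original post or of tcplog.c. The names copy_hostname and hostlookup_bounded, the 64-byte buffer and the fall-back-to-address policy are assumptions made for illustration.

```c
/* Added example: bounded variant of hostlookup(); names are hypothetical. */
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <netdb.h>

/* Copy a resolver-supplied name without trusting its length.
 * Returns 0 if it fit, 1 if it was truncated, -1 on bad arguments. */
int copy_hostname(char *dst, size_t dstlen, const char *src)
{
    int n;

    if (dst == NULL || dstlen == 0)
        return -1;
    if (src == NULL) {
        dst[0] = '\0';
        return -1;
    }
    n = snprintf(dst, dstlen, "%s", src);   /* always NUL-terminates */
    return (n < 0 || (size_t)n >= dstlen) ? 1 : 0;
}

/* Caller supplies the buffer; an oversized or missing name is logged
 * as the dotted quad rather than as a silently truncated hostname. */
const char *hostlookup_bounded(unsigned long in, char *out, size_t outlen)
{
    struct in_addr i;
    struct hostent *he;

    i.s_addr = (in_addr_t)in;
    he = gethostbyaddr((const char *)&i, sizeof i, AF_INET);
    if (he == NULL || copy_hostname(out, outlen, he->h_name) != 0)
        copy_hostname(out, outlen, inet_ntoa(i));
    return out;
}

int main(void)
{
    char buf[64];            /* 63 characters plus NUL */
    char longname[300];      /* constructed oversized name */

    memset(longname, 'a', sizeof longname - 1);
    longname[sizeof longname - 1] = '\0';
    printf("oversized name -> %d\n", copy_hostname(buf, sizeof buf, longname));
    printf("127.0.0.1 -> %s\n", hostlookup_bounded(inet_addr("127.0.0.1"), buf, sizeof buf));
    return 0;
}
```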

