Bugtraq mailing list archives
Re: nslookup issues
From: peak () kerberos troja mff cuni cz (Pavel Kankovsky)
Date: Wed, 2 Sep 1998 11:43:38 +0200
BTW: nslookup can't grok big DNS responses and often crashes when it gets one because it *reads* (1) beyond the end of its buffer. Just a little funny excerpt from GetAnswer (getinfo.c):

    status = SendRequest(nsAddrPtr, msg, msglen, (char *) &answer,
                         sizeof(answer), &n);
    ...
    eom = (u_char *) &answer + n;

(n is the FULL size of the response, n > sizeof(answer) if the response was truncated because it did not fit into the buffer, which is 1kB long in nslookup)

Moreover, a lot of code in getinfo.c and debug.c does not care much about the end of the buffer (even if it gets it right). Check the diffs between bind 4.9.6 and bind 4.9.7 and you'll see they have fixed lots of bugs of this kind in named. (Hmm, I should look at bind 8.)

This is the software supposed to keep Internet running. It's scary.

--Pavel Kankovsky aka Peak [ Boycott Microsoft--http://www.vcnet.com/bms ]
"You can't be truly paranoid unless you're sure they have already got you."

(1) I don't guarantee it is impossible to abuse it
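An added example, not part of the original post and not BIND source: a minimal C sketch of the end-of-message bound the post says is computed wrongly, with `eom` clamped to the buffer size and a reader that checks against it. The names `fake_send_request`, `usable_len`, `get16` and `demo_count_words` are hypothetical, and the response bytes are constructed.

```c
#include <stdio.h>
#include <string.h>

#define ANSWER_BUF 1024 /* the post gives nslookup's buffer as 1 kB */

/* Hypothetical stand-in for SendRequest(): copies at most buflen bytes but
 * returns the FULL response size, the behaviour the post describes. */
int fake_send_request(const unsigned char *resp, size_t resplen,
                      unsigned char *buf, size_t buflen)
{
    memcpy(buf, resp, resplen < buflen ? resplen : buflen);
    return (int)resplen;
}

/* Bytes of the buffer that actually hold response data. */
size_t usable_len(int n, size_t buflen)
{
    if (n < 0)
        return 0;
    return (size_t)n > buflen ? buflen : (size_t)n;
}

/* Bounds-checked big-endian 16-bit read: fails instead of reading past eom. */
int get16(const unsigned char **cp, const unsigned char *eom, unsigned *out)
{
    if (*cp > eom || (size_t)(eom - *cp) < 2)
        return -1;
    *out = ((unsigned)(*cp)[0] << 8) | (*cp)[1];
    *cp += 2;
    return 0;
}

/* Words parsed from a constructed response of resplen bytes (max 4096). */
size_t demo_count_words(size_t resplen)
{
    static unsigned char resp[4096]; /* constructed sample, not real DNS data */
    unsigned char answer[ANSWER_BUF];
    const unsigned char *cp = answer, *eom;
    unsigned v;
    size_t words = 0;
    size_t len = resplen > sizeof(resp) ? sizeof(resp) : resplen;
    int n = fake_send_request(resp, len, answer, sizeof(answer));
    eom = answer + usable_len(n, sizeof(answer)); /* clamped, not answer + n */
    while (get16(&cp, eom, &v) == 0)
        words++;
    return words;
}

int main(void) { printf("%zu\n", demo_count_words(4000)); return 0; }
```

A caller can also treat `n > sizeof(answer)` as a truncation signal and report it, rather than silently parsing the partial message.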