Bugtraq mailing list archives

BitchX DNS Overflow Patch


From: nimrood <nimrood () ONEBOX COM>
Date: Wed, 6 Dec 2000 22:28:13 -0800

listed are two bugs in the BitchX irc client. a possible stack overflow
condition exists if a malformed DNS answer is processed by the client.
a second bug allows this malformed DNS record to be embedded in a valid
DNS packet. without the second bug the malformed DNS record wouldn't
be processed "correctly."

this patch is derived from the BitchX-1.0c17 source tree, but is relevant
to previous versions:

*** BitchX/source/misc.c.orig   Thu Dec  7 01:33:11 2000
--- BitchX/source/misc.c        Thu Dec  7 01:42:38 2000
***************
*** 2643,2648 ****
--- 2643,2653 ----
                switch(type)
                {
                case T_A :
+                       if (dlen != sizeof(struct in_addr))
+                       {
+                               cp += dlen;
+                               break;
+                       }
                        rptr->re_he.h_length = dlen;
                        if (ans == 1)
                                rptr->re_he.h_addrtype=(class == C_IN)
?
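
Review bot: The new skip path in case T_A advances with cp += dlen, but nothing in the visible lines checks that dlen still fits inside the received message, so a record whose rdlength exceeds the bytes remaining would move cp past the end of the buffer. If the loop does not already bound dlen against the end of the packet before the switch, add that check there and stop parsing when it fails. A one-line comment on the dlen != sizeof(struct in_addr) test saying that it protects the fixed-size address copy that follows would also help the next reader, since the copy itself is outside this hunk.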
***************
*** 2689,2694 ****
--- 2694,2700 ----
                        *alias = NULL;
                        break;
                default :
+                       cp += dlen;
                        break;
                }
        }
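
Review bot: Adding cp += dlen to the default case fixes unknown record types, but the advance is still done per case, so any other case that consumes fewer or more than dlen bytes leaves cp misaligned for the next record. Consider computing the end of the rdata once before the switch (cp + dlen) and assigning cp from it after the switch, so no case, present or future, can desynchronise the parser. A short comment on the default branch explaining why unhandled types must still be stepped over would document the intent.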

__________________________________________________
FREE voicemail, email, and fax...all in one place.
Sign Up Now! http://www.onebox.com
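
The two checks the patch introduces, shown as an added stand-alone example that is not code from this post or from BitchX: a simplified answer-section walker that accepts an A record only when its rdlength is exactly 4 and steps over every record by its rdlength. The names collect_a_records, skip_name, MAX_ADDRS, sample_answers and demo_out are hypothetical, and the sample bytes are constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define RR_TYPE_A 1   /* same value as T_A in the patch */
#define MAX_ADDRS 4   /* assumed capacity of the caller's address array */
/* Constructed answer section: three records, owner name is a pointer. */
static const uint8_t sample_answers[] = {
    0xc0,0x0c, 0,1,  0,1, 0,0,0,60, 0,8, 1,2,3,4,5,6,7,8, /* A, rdlength 8 */
    0xc0,0x0c, 0,16, 0,1, 0,0,0,60, 0,3, 2,'h','i',       /* TXT, unhandled */
    0xc0,0x0c, 0,1,  0,1, 0,0,0,60, 0,4, 192,0,2,1,       /* A, rdlength 4 */
};
static uint8_t demo_out[MAX_ADDRS][4];
/* Step over an owner name; NULL if malformed or running past eom. */
static const uint8_t *skip_name(const uint8_t *cp, const uint8_t *eom)
{
    while (cp < eom) {
        if (*cp == 0) return cp + 1;
        if ((*cp & 0xC0) == 0xC0) return (eom - cp >= 2) ? cp + 2 : NULL;
        if ((*cp & 0xC0) || eom - cp < *cp + 1) return NULL;
        cp += *cp + 1;
    }
    return NULL;
}

/* Store only 4-byte A records; returns count, or -1 if truncated. */
int collect_a_records(const uint8_t *cp, const uint8_t *eom, int ancount,
                      uint8_t out[][4], int max_out)
{
    int stored = 0;
    while (ancount-- > 0) {
        if ((cp = skip_name(cp, eom)) == NULL || eom - cp < 10) return -1;
        unsigned type = ((unsigned)cp[0] << 8) | cp[1];
        size_t dlen = ((size_t)cp[8] << 8) | cp[9];
        cp += 10;                              /* type, class, ttl, rdlength */
        if ((size_t)(eom - cp) < dlen) return -1;
        if (type == RR_TYPE_A && dlen == 4 && stored < max_out)
            memcpy(out[stored++], cp, 4);
        cp += dlen;                            /* advance for every type */
    }
    return stored;
}

int main(void)
{
    int n = collect_a_records(sample_answers, sample_answers + sizeof sample_answers,
                              3, demo_out, MAX_ADDRS);
    printf("stored %d address(es)\n", n);
    return n == 1 ? 0 : 1;
}
```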

