Vulnerability Development mailing list archives
Re: Bug, possible hole in nslookup, various operating systems
From: Kyle Bradley <primtech () FONE NET>
Date: Sat, 16 Dec 2000 15:33:04 -0700
I don't think this is really a problem. I'm looking at code for nslookup that came from bind-8.2.2_P5-9.src.rpm with my Redhat 6.2 installation.

In src/bin/nslookup/main.c:

    static const char sccsid[] = "@(#)main.c 5.42 (Berkeley) 3/3/91";
    static const char rcsid[] = "$Id: main.c,v 8.13 1999/10/13 16:39:19 vixie Exp $";

It looks like the ^C is caught by the IntrHandler() routine (right at the top of subr.c). According to the comments:

     * This routine is called whenever a control-C is typed.
     * It performs three main functions:
     *  - closes an open socket connection,
     *  - closes an open output file (used by LookupHost, et al.),
     *  - jumps back to the main read-eval loop.

So, the ^C is hit during the main read-eval loop in interactive mode, IntrHandler() is called, and yyrestart() is called again or longjmp() jumps back to the last setjmp(). If longjmp() is called instead of yyrestart(), the program resumes execution in main.c, line 358:

    /*
     * Setup the environment to allow the interrupt handler to return here.
     */
    (void) setjmp(env);

which is right before the scanner code:

    printf("> ");
    fflush(stdout);
    while(yylex()) {
        printf("> ");
        fflush(stdout);
    }

The flex man page says:

    - flex scanners are not as reentrant as lex scanners. In
      particular, if you have an interactive scanner and an
      interrupt handler which long-jumps out of the scanner, and
      the scanner is subsequently called again, you may get the
      following message:

          fatal flex scanner internal error--end of buffer missed

      To reenter the scanner, first use

          yyrestart( yyin );

So the error is that the SIGINT causes a longjmp() out of the read-eval loop, which gets run again. flex isn't able to handle this, so it spits out the error. I don't see any security problem with this right offhand.

- Kyle

--
| "Words come from an ancestry, deeds from a mastery: when these are |
| unknown, so am I. In my obscurity is my value. That's why the wise |
| wear their jade under common clothes. - Lao Tzu"                    |
primtech () fone net
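The re-entry failure described in the message above, as an added example that is not part of the original post and is not nslookup or flex source. The toy scanner, toy_restart(), toy_lex() and reenter_after_interrupt() are hypothetical names, the input string is constructed, and sigsetjmp()/siglongjmp() are used in place of setjmp()/longjmp() so the signal mask is restored after the jump.

```c
#define _POSIX_C_SOURCE 200809L
#include <setjmp.h>
#include <signal.h>
#include <stddef.h>

static sigjmp_buf env;

/* Hypothetical stand-in for a generated scanner's buffer bookkeeping. */
static struct { const char *buf; size_t pos; int refilling; } sc;

/* Plays the role of yyrestart(): puts the scanner back in a known state. */
static void toy_restart(const char *input) {
    sc.buf = input; sc.pos = 0; sc.refilling = 0;
}

/* Plays the role of IntrHandler(): jump back to the read-eval loop. */
static void intr_handler(int sig) {
    (void)sig;
    siglongjmp(env, 1);
}

/* Returns the next char, 0 at end of input, -1 if its state is inconsistent
 * (the analogue of "end of buffer missed"). */
static int toy_lex(int interrupt_now) {
    if (sc.refilling) return -1;        /* a previous call never finished */
    sc.refilling = 1;                   /* mid-update: state not consistent */
    if (interrupt_now) raise(SIGINT);   /* constructed ^C during the read */
    sc.refilling = 0;
    return sc.buf[sc.pos] ? sc.buf[sc.pos++] : 0;
}

/* Interrupt the scanner once, re-enter it, and return what the next call
 * yields: -1 without a restart, the first input character with one. */
int reenter_after_interrupt(int call_restart) {
    volatile int interrupted = 0;
    signal(SIGINT, intr_handler);
    toy_restart("server ns1\n");        /* constructed input */
    if (sigsetjmp(env, 1)) {            /* the handler lands here */
        interrupted = 1;
        if (call_restart) toy_restart("server ns1\n");
    }
    return toy_lex(!interrupted);
}

int main(void) {
    return !(reenter_after_interrupt(0) == -1 &&
             reenter_after_interrupt(1) == 's');
}
```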