public inbox for glibc-bugs@sourceware.org
help / color / mirror / Atom feed
* [Bug libc/10360] New: EDNS0: res_nopt truncates buffer size incorrectly
@ 2009-07-03 15:26 bugzilla at webform dot tiuval dot de
2009-07-03 15:28 ` [Bug libc/10360] " bugzilla at webform dot tiuval dot de
` (3 more replies)
0 siblings, 4 replies; 6+ messages in thread
From: bugzilla at webform dot tiuval dot de @ 2009-07-03 15:26 UTC (permalink / raw)
To: glibc-bugs
Resolver functions allow buffer sizes > 65535 bytes. If RES_USE_EDNS0 is set,
res_nopt() truncates this value to 16 bit, resulting in an incorrect buffer size
advertised in EDNS query headers.
portable OpenSSH triggers this behaviour, as described here:
http://marc.info/?l=openssh-unix-dev&m=124625332427704&w=2
openbsd-compat/getrrsetbyname() sets a buffer size of 65536 bytes. In the glibc
stub-resolver, it is eventually passed on as "anslen" to __res_nopt() in
resolv/res_mkquery.c:
[...]
NS_PUT16(anslen & 0xffff, cp); /* CLASS = UDP payload size */
and sent out to the recursor (UDPsize: 0xf0000 & 0xffff == 0)
| IP 127.0.0.1.44138 > 127.0.0.1.53: 31454+ [1au] SSHFP?
orbit.attraktor.org. ar: . OPT UDPsize=0 (48)
| IP 127.0.0.1.53 > 127.0.0.1.44138: 31454 ServFail-| [0q] 0/0/0 (12)
--
Summary: EDNS0: res_nopt truncates buffer size incorrectly
Product: glibc
Version: 2.10
Status: NEW
Severity: minor
Priority: P3
Component: libc
AssignedTo: drepper at redhat dot com
ReportedBy: bugzilla at webform dot tiuval dot de
CC: glibc-bugs at sources dot redhat dot com
http://sourceware.org/bugzilla/show_bug.cgi?id=10360
------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.
^ permalink raw reply [flat|nested] 6+ messages in thread
* [Bug libc/10360] EDNS0: res_nopt truncates buffer size incorrectly
2009-07-03 15:26 [Bug libc/10360] New: EDNS0: res_nopt truncates buffer size incorrectly bugzilla at webform dot tiuval dot de
@ 2009-07-03 15:28 ` bugzilla at webform dot tiuval dot de
2009-07-03 15:29 ` bugzilla at webform dot tiuval dot de
` (2 subsequent siblings)
3 siblings, 0 replies; 6+ messages in thread
From: bugzilla at webform dot tiuval dot de @ 2009-07-03 15:28 UTC (permalink / raw)
To: glibc-bugs
------- Additional Comments From bugzilla at webform dot tiuval dot de 2009-07-03 15:28 -------
Created an attachment (id=4035)
--> (http://sourceware.org/bugzilla/attachment.cgi?id=4035&action=view)
cap anslen in res_nopt() at 0xffff
cap anslen in res_nopt() at 0xffff
assert() inserted because I'm not sure if negative values could be passed to
res_nopt()
--
http://sourceware.org/bugzilla/show_bug.cgi?id=10360
------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.
^ permalink raw reply [flat|nested] 6+ messages in thread
* [Bug libc/10360] EDNS0: res_nopt truncates buffer size incorrectly
2009-07-03 15:26 [Bug libc/10360] New: EDNS0: res_nopt truncates buffer size incorrectly bugzilla at webform dot tiuval dot de
2009-07-03 15:28 ` [Bug libc/10360] " bugzilla at webform dot tiuval dot de
@ 2009-07-03 15:29 ` bugzilla at webform dot tiuval dot de
2009-07-07 0:02 ` sc0ttbeardsley at gmail dot com
2009-07-17 6:44 ` drepper at redhat dot com
3 siblings, 0 replies; 6+ messages in thread
From: bugzilla at webform dot tiuval dot de @ 2009-07-03 15:29 UTC (permalink / raw)
To: glibc-bugs
--
What |Removed |Added
----------------------------------------------------------------------------
Attachment #4035|cap anslen in res_nopt() at |cap anslen in res_nopt() at
description|0xffff |0xffff. assert() inserted
| |because I'm not sure if
| |negative values could be
| |passed to res_nopt()
http://sourceware.org/bugzilla/show_bug.cgi?id=10360
------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.
^ permalink raw reply [flat|nested] 6+ messages in thread
* [Bug libc/10360] EDNS0: res_nopt truncates buffer size incorrectly
2009-07-03 15:26 [Bug libc/10360] New: EDNS0: res_nopt truncates buffer size incorrectly bugzilla at webform dot tiuval dot de
2009-07-03 15:28 ` [Bug libc/10360] " bugzilla at webform dot tiuval dot de
2009-07-03 15:29 ` bugzilla at webform dot tiuval dot de
@ 2009-07-07 0:02 ` sc0ttbeardsley at gmail dot com
2009-07-17 6:44 ` drepper at redhat dot com
3 siblings, 0 replies; 6+ messages in thread
From: sc0ttbeardsley at gmail dot com @ 2009-07-07 0:02 UTC (permalink / raw)
To: glibc-bugs
--
What |Removed |Added
----------------------------------------------------------------------------
CC| |sc0ttbeardsley at gmail dot
| |com
http://sourceware.org/bugzilla/show_bug.cgi?id=10360
------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.
^ permalink raw reply [flat|nested] 6+ messages in thread
* [Bug libc/10360] EDNS0: res_nopt truncates buffer size incorrectly
2009-07-03 15:26 [Bug libc/10360] New: EDNS0: res_nopt truncates buffer size incorrectly bugzilla at webform dot tiuval dot de
` (2 preceding siblings ...)
2009-07-07 0:02 ` sc0ttbeardsley at gmail dot com
@ 2009-07-17 6:44 ` drepper at redhat dot com
3 siblings, 0 replies; 6+ messages in thread
From: drepper at redhat dot com @ 2009-07-17 6:44 UTC (permalink / raw)
To: glibc-bugs
------- Additional Comments From drepper at redhat dot com 2009-07-17 06:44 -------
The code comes from bind upstream. I've checked in a similar patch.
--
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Resolution| |FIXED
http://sourceware.org/bugzilla/show_bug.cgi?id=10360
------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.
^ permalink raw reply [flat|nested] 6+ messages in thread
* [Bug libc/10360] EDNS0: res_nopt truncates buffer size incorrectly
[not found] <bug-10360-131@http.sourceware.org/bugzilla/>
@ 2014-07-01 7:52 ` fweimer at redhat dot com
0 siblings, 0 replies; 6+ messages in thread
From: fweimer at redhat dot com @ 2014-07-01 7:52 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=10360
Florian Weimer <fweimer at redhat dot com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Flags| |security-
--
You are receiving this mail because:
You are on the CC list for the bug.
^ permalink raw reply [flat|nested] 6+ messages in thread
end of thread, other threads:[~2014-07-01 7:52 UTC | newest]
Thread overview: 6+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2009-07-03 15:26 [Bug libc/10360] New: EDNS0: res_nopt truncates buffer size incorrectly bugzilla at webform dot tiuval dot de
2009-07-03 15:28 ` [Bug libc/10360] " bugzilla at webform dot tiuval dot de
2009-07-03 15:29 ` bugzilla at webform dot tiuval dot de
2009-07-07 0:02 ` sc0ttbeardsley at gmail dot com
2009-07-17 6:44 ` drepper at redhat dot com
[not found] <bug-10360-131@http.sourceware.org/bugzilla/>
2014-07-01 7:52 ` fweimer at redhat dot com
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).