Bug #4985

reverse resolve does not work in /usr/lib/krb5/klookup

Added by Marcel Telka over 5 years ago. Updated over 5 years ago.

Status: Closed
Priority: Normal
Assignee:
Category: cmd - userland programs
Start date: 2014-07-09
Due date:
% Done: 100%
Estimated time:
Difficulty: Medium
Tags: needs-triage

Description

Reverse resolve does not work in /usr/lib/krb5/klookup:

# /usr/lib/krb5/klookup google-public-dns-a.google.com I
8.8.8.8
# /usr/lib/krb5/klookup 8.8.8.8 P
#

The bug is in the following piece of code:

    unsigned char answer[NS_MAXMSG], *ansp = NULL, *end, a, b, c, d;

    ...

            case 'P':
                rr_type = T_PTR;
                (void) sscanf(name, "%d.%d.%d.%d",
                    &a, &b, &c, &d);
                (void) sprintf(name, "%d.%d.%d.%d.in-addr.arpa",
                    d, c, b, a);
                break;

The last four parameters to sscanf() are treated as pointers to int (note %d), but all four local variables (a, b, c, d) used here are defined as chars. The sscanf() function simply corrupts the contents of the local variables because of this issue.

The fix is to use %hhd instead of %d in the sscanf() format string.
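
An added example, not part of the original report or the illumos source: one way to build the reverse name without the sscanf() width mismatch described above, by validating the address with inet_pton() and bounding the output with snprintf(). It goes beyond the one-line fix; reverse_name() is a hypothetical helper and the sample addresses are constructed.

```c
#include <arpa/inet.h>
#include <stdio.h>
#include <string.h>

/*
 * Build the in-addr.arpa name for a dotted-quad IPv4 string.
 * Returns 0 on success, -1 on a malformed address or a short buffer.
 * reverse_name() is a hypothetical helper, not a klookup function.
 */
int
reverse_name(const char *ip, char *out, size_t outlen)
{
    struct in_addr addr;
    unsigned char o[4];
    int n;

    /* inet_pton() rejects out-of-range octets and trailing garbage. */
    if (inet_pton(AF_INET, ip, &addr) != 1)
        return (-1);

    /* s_addr is in network byte order, so o[0] is the first octet. */
    (void) memcpy(o, &addr.s_addr, sizeof (o));

    /*
     * Output side: an unsigned char argument is promoted to int when
     * passed through varargs, so %d is correct for printing. Only the
     * input side (pointer arguments to sscanf) needs a width-matched
     * conversion, which this function avoids entirely.
     */
    n = snprintf(out, outlen, "%d.%d.%d.%d.in-addr.arpa",
        o[3], o[2], o[1], o[0]);
    if (n < 0 || (size_t)n >= outlen)
        return (-1);    /* truncated: do not query a partial name */
    return (0);
}

int
main(void)
{
    char buf[64];

    if (reverse_name("8.8.8.8", buf, sizeof (buf)) == 0)
        (void) printf("%s\n", buf);
    return (0);
}
```

Compiling the original snippet with GCC or Clang and -Wformat (part of -Wall) reports the %d conversion paired with an unsigned char * argument, so this class of bug can be caught at build time.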

History

#1

Updated by Marcel Telka over 5 years ago

  • Status changed from In Progress to Pending RTI
#2

Updated by Electric Monk over 5 years ago

  • Status changed from Pending RTI to Closed
  • % Done changed from 0 to 100

git commit 9c62f9ec8ed42265fb80cb8d6873fabfae3941ab

commit  9c62f9ec8ed42265fb80cb8d6873fabfae3941ab
Author: Marcel Telka <marcel.telka@nexenta.com>
Date:   2014-07-09T17:07:49.000Z

    4985 reverse resolve does not work in /usr/lib/krb5/klookup
    Reviewed by: Gordon Ross <gordon.ross@nexenta.com>
    Reviewed by: Dan McDonald <danmcd@omniti.com>
    Reviewed by: Garrett D'Amore <garrett@damore.org>
    Approved by: Richard Lowe <richlowe@richlowe.net>
