Project

General

Profile

Actions

Bug #4985

closed

reverse resolve does not work in /usr/lib/krb5/klookup

Added by Marcel Telka about 7 years ago. Updated about 7 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Category:
cmd - userland programs
Start date:
2014-07-09
Due date:
% Done:

100%

Estimated time:
Difficulty:
Medium
Tags:
needs-triage
Gerrit CR:

Description

Reverse resolve does not work in /usr/lib/krb5/klookup:

# /usr/lib/krb5/klookup google-public-dns-a.google.com I
8.8.8.8
# /usr/lib/krb5/klookup 8.8.8.8 P
#

The bug is in the following piece of code:

52    unsigned char answer[NS_MAXMSG], *ansp = NULL, *end, a, b, c, d;

...

83            case 'P':
84                rr_type = T_PTR;
85                (void) sscanf(name, "%d.%d.%d.%d",
86                    &a, &b, &c, &d);
87                (void) sprintf(name, "%d.%d.%d.%d.in-addr.arpa",
88                    d, c, b, a);
89                break;

The last four parameters to sscanf() are treated as pointers to int (note %d), but all four local variables (a, b, c, d) used here are defined as chars. The sscanf() function simply corrupts the contents of the local variables because of this issue.

The fix is to use %hhd instead of %d in the sscanf() format string.

Actions #1

Updated by Marcel Telka about 7 years ago

  • Status changed from In Progress to Pending RTI
Actions #2

Updated by Electric Monk about 7 years ago

  • Status changed from Pending RTI to Closed
  • % Done changed from 0 to 100

git commit 9c62f9ec8ed42265fb80cb8d6873fabfae3941ab

commit  9c62f9ec8ed42265fb80cb8d6873fabfae3941ab
Author: Marcel Telka <marcel.telka@nexenta.com>
Date:   2014-07-09T17:07:49.000Z

    4985 reverse resolve does not work in /usr/lib/krb5/klookup
    Reviewed by: Gordon Ross <gordon.ross@nexenta.com>
    Reviewed by: Dan McDonald <danmcd@omniti.com>
    Reviewed by: Garrett D'Amore <garrett@damore.org>
    Approved by: Richard Lowe <richlowe@richlowe.net>

Actions

Also available in: Atom PDF