Project

General

Profile

Actions

Bug #4985

closed

reverse resolve does not work in /usr/lib/krb5/klookup

Added by Marcel Telka about 7 years ago. Updated about 7 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Category:
cmd - userland programs
Start date:
2014-07-09
Due date:
% Done:

100%

Estimated time:
Difficulty:
Medium
Tags:
needs-triage
Gerrit CR:

Description

Reverse resolve does not work in /usr/lib/krb5/klookup:

# /usr/lib/krb5/klookup google-public-dns-a.google.com I
8.8.8.8
# /usr/lib/krb5/klookup 8.8.8.8 P
#

The bug is in the following piece of code:

52    unsigned char answer[NS_MAXMSG], *ansp = NULL, *end, a, b, c, d;

...

83            case 'P':
84                rr_type = T_PTR;
85                (void) sscanf(name, "%d.%d.%d.%d",
86                    &a, &b, &c, &d);
87                (void) sprintf(name, "%d.%d.%d.%d.in-addr.arpa",
88                    d, c, b, a);
89                break;

The last four parameters to sscanf() are treated as pointers to int (note %d), but all four local variables (a, b, c, d) used here are defined as chars. The sscanf() function simply corrupts the contents of the local variables because of this issue.

The fix is to use %hhd instead of %d in the sscanf() format string.

Actions

Also available in: Atom PDF