
[Freeciv-Dev] Re: Hostname lookups again.

To: Vasco Alexandre Da Silva Costa <vasc@xxxxxxxxxxxxxx>, gs234@xxxxxxxxx
Cc: freeciv-dev@xxxxxxxxxxx
Subject: [Freeciv-Dev] Re: Hostname lookups again.
From: Jarda Benkovsky <pvt.benkovsk@xxxxxxxxx>
Date: Wed, 20 Sep 2000 11:29:02 +0200

Vasco Alexandre Da Silva Costa wrote:
> > > Actually checking the length field of the look-up (when we've already
> > > ascertained that it's AF_INET) might be a bit anal, but why not.
> >
> > Definitely not too anal! You should check it to prevent remote exploits
> 
> Read my lips :-)
> 
> gethostbyname() is a libc call to resolver, which calls DNS.


OK, OK, OK. First, I did not realize you are translating a hostname to an IP
and not vice versa. Not enough sleep, etc.

Second, there was once a bug (and now that you have mentioned it, it was
probably in libc) where a carefully crafted DNS response packet with an
oversized len field could lead to root compromise. Sigh, my fault.

I did not want to check for libc bugs, ok?

                                        Edheldil
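
The length check discussed in this thread, as an added C example that is not part of the original message or of the Freeciv source: the address from a `struct hostent` is copied only when `h_addrtype` is `AF_INET` and `h_length` matches the size of the destination. The names `hostent_to_sockaddr` and `check_constructed` are hypothetical, and the `hostent` values and port are constructed in place rather than obtained from a resolver.

```c
#include <arpa/inet.h>
#include <netdb.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>

/* Hypothetical helper: fill *out from a resolver result only if it really
 * is a 4-byte AF_INET address. Returns 0 on success, -1 if rejected. */
int hostent_to_sockaddr(const struct hostent *hp, unsigned short port,
                        struct sockaddr_in *out)
{
    if (hp == NULL || hp->h_addr_list == NULL || hp->h_addr_list[0] == NULL)
        return -1;
    if (hp->h_addrtype != AF_INET)
        return -1;
    /* The length check: h_length must equal the destination size, and the
     * copy below is sized by the destination, never by h_length. */
    if (hp->h_length != (int)sizeof(out->sin_addr))
        return -1;

    memset(out, 0, sizeof(*out));
    out->sin_family = AF_INET;
    out->sin_port = htons(port);
    memcpy(&out->sin_addr, hp->h_addr_list[0], sizeof(out->sin_addr));
    return 0;
}

/* Builds a constructed hostent (no DNS query) with the given type and
 * length. Returns the helper's result, or -2 if the copied address differs. */
int check_constructed(int addrtype, int length)
{
    static unsigned char addr[64] = { 192, 0, 2, 1 }; /* constructed address */
    char *list[2] = { (char *)addr, NULL };
    struct hostent he;
    struct sockaddr_in sa;
    memset(&he, 0, sizeof(he));
    he.h_addrtype = addrtype;
    he.h_length = length;
    he.h_addr_list = list;
    int rc = hostent_to_sockaddr(&he, 5555, &sa); /* constructed port */
    if (rc == 0 && memcmp(&sa.sin_addr, addr, sizeof(sa.sin_addr)) != 0)
        return -2;
    return rc;
}

int main(void)
{
    printf("len 4: %d, len 64: %d\n", check_constructed(AF_INET, 4),
           check_constructed(AF_INET, 64));
    return 0;
}
```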


