[Freeciv-Dev] Re: Hostname lookups again.
Vasco Alexandre Da Silva Costa wrote:
> > > Actually checking the length field of the look-up (when we've already
> > > ascertained that it's AF_INET) might be a bit anal, but why not.
> >
> > Definitely not too anal! You should check it to prevent remote exploits
>
> Read my lips :-)
>
> gethostbyname() is a libc call to resolver, which calls DNS.

OK, OK, OK. First, I had not realized you are translating hostname to IP
and not vice versa. Not enough sleep etc.

Second, there was once a bug (and now that you have mentioned it, it was
probably in libc) where a carefully crafted DNS response packet with an
oversized len field could lead to root compromise. Sigh, my fault.
I did not want to check for libc bugs, ok?

Edheldil
- [Freeciv-Dev] Hostname lookups again., Gaute B Strokkenes, 2000/09/18
- [Freeciv-Dev] Re: Hostname lookups again., Vasco Alexandre Da Silva Costa, 2000/09/18
- [Freeciv-Dev] Re: Hostname lookups again., Vasco Alexandre Da Silva Costa, 2000/09/19
- [Freeciv-Dev] Re: Hostname lookups again., Gaute B Strokkenes, 2000/09/19
- [Freeciv-Dev] Re: Hostname lookups again., Vasco Alexandre Da Silva Costa, 2000/09/19
- [Freeciv-Dev] Re: Hostname lookups again., Gaute B Strokkenes, 2000/09/20
- [Freeciv-Dev] Re: Hostname lookups again., Gaute B Strokkenes, 2000/09/21