--YiEDa0DAkWCtVeE4 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: quoted-printable Previously Theo de Raadt wrote: > Well, here's a first cut at fixing some of the nslookup/dig problems. > This patch should get people started at repairing their distributions. > If anyone has any further fixes or notes some other issues in this > area, please let me know. This patch doesn't apply to bind 8.1.2. I've revised the patch a bit and came to the patch below.=20 Wichert. diff -ru org/bind-8.1.2/bin/dig/dig.c bind-8.1.2/bin/dig/dig.c --- org/bind-8.1.2/bin/dig/dig.c Thu Mar 19 20:30:18 1998 +++ bind-8.1.2/bin/dig/dig.c Tue Sep 1 17:03:21 1998 @@ -745,9 +745,11 @@ static int SetOption(const char *string) { char option[NAME_LEN], type[NAME_LEN], *ptr; + char get[80]; int i; =20 - i =3D sscanf(string, " %s", option); + snprintf(get, sizeof(get), " %%%ds", sizeof(option-1)); + i =3D sscanf(string, get, option); if (i !=3D 1) { fprintf(stderr, ";*** Invalid option: %s\n", option); return (ERROR); @@ -779,8 +781,10 @@ _res.options &=3D ~RES_DNSRCH; } else if (strncmp(option, "do", 2) =3D=3D 0) { /* domain */ ptr =3D strchr(option, '=3D'); - if (ptr !=3D NULL) - sscanf(++ptr, "%s", _res.defdname); + if (ptr !=3D NULL) { + snprintf(get, sizeof(get),"%%%ds", sizeof(_res.defdname)); + sscanf(++ptr, get, _res.defdname); + } } else if (strncmp(option, "ti", 2) =3D=3D 0) { /* timeout */ ptr =3D strchr(option, '=3D'); if (ptr !=3D NULL) diff -ru org/bind-8.1.2/bin/nslookup/list.c bind-8.1.2/bin/nslookup/list.c --- org/bind-8.1.2/bin/nslookup/list.c Tue Nov 18 01:32:33 1997 +++ bind-8.1.2/bin/nslookup/list.c Tue Sep 1 17:09:09 1998 @@ -152,13 +152,16 @@ ListHostsByType(char *string, int putToFile) { char *namePtr, name[NAME_LEN], option[NAME_LEN]; int i, qtype, result; + char get[80]; =20 /* * Parse the command line. It maybe of the form "ls -t domain" * or "ls -t type domain". */ =20 - i =3D sscanf(string, " ls -t %s %s", option, name); + snprintf(get, sizeof get, " ls -t %%%ds %%%ds", sizeof option-1, + sizeof name-1); + i =3D sscanf(string, get, option, name); if (putToFile && i =3D=3D 2 && name[0] =3D=3D '>') i--; if (i =3D=3D 2) { @@ -183,12 +186,15 @@ ListHosts(char *string, int putToFile) { char *namePtr, name[NAME_LEN], option[NAME_LEN]; int i, qtype, result; + char get[80]; =20 /* * Parse the command line. It maybe of the form "ls domain", * "ls -X domain". */ - i =3D sscanf(string, " ls %s %s", option, name); + snprintf(get, sizeof get, " ls -t %%%ds %%%ds", sizeof option-1, + sizeof name-1); + i =3D sscanf(string, get, option, name); if (putToFile && i =3D=3D 2 && name[0] =3D=3D '>') i--; if (i =3D=3D 2) { @@ -481,8 +487,10 @@ { char file[PATH_MAX]; char command[PATH_MAX]; + char get[80]; =20 - sscanf(string, " view %s", file); + snprintf(get, sizeof get, " view %%%ds", sizeof file-1); + sscanf(string, get, file); (void)sprintf(command, "grep \"^ \" %s | sort | %s", file, pager); system(command); } @@ -516,6 +524,7 @@ int lastc; char name[NAME_LEN]; char file[NAME_LEN]; + char get[80]; =20 /* * We need a valid current host info to get an inet address. @@ -525,7 +534,8 @@ return (ERROR); } =20 - if (sscanf(string, " finger %s", name) =3D=3D 1) { + snprintf(get, sizeof get, " finger %%%ds", sizeof name-1); + if (sscanf(string, get, name) =3D=3D 1) { if (putToFile && (name[0] =3D=3D '>')) { name[0] =3D '\0'; } diff -ru org/bind-8.1.2/bin/nslookup/main.c bind-8.1.2/bin/nslookup/main.c --- org/bind-8.1.2/bin/nslookup/main.c Fri Apr 25 02:27:18 1997 +++ bind-8.1.2/bin/nslookup/main.c Tue Sep 1 21:15:25 1998 @@ -464,6 +464,7 @@ char newServer[NAME_LEN]; int result; int i; + char get[40]; =20 /* * Parse the command line. It maybe of the form "server name", @@ -471,12 +472,15 @@ */ =20 if (local) { - i =3D sscanf(string, " lserver %s", newServer); + snprintf(get, sizeof get, "lserver %%%ds", sizeof newServer-1); + i =3D sscanf(string, get, newServer); } else { - i =3D sscanf(string, " server %s", newServer); + snprintf(get, sizeof get, "server %%%ds", sizeof newServer-1); + i =3D sscanf(string, get, newServer); } if (i !=3D 1) { - i =3D sscanf(string, " %s", newServer); + snprintf(get, sizeof get, " %%%ds", sizeof newServer-1); + i =3D sscanf(string, get, newServer); if (i !=3D 1) { fprintf(stderr,"SetDefaultServer: invalid name: %s\n", string); return(ERROR); @@ -667,6 +671,7 @@ char host[NAME_LEN]; char file[PATH_MAX]; int result; + char get[80]; =20 /* * Invalidate the current host information to prevent Finger=20 @@ -681,7 +686,8 @@ * */ =20 - sscanf(string, " %s", host); /* removes white space */ + snprintf(get, sizeof get, " %%%ds", sizeof host-1); + sscanf(string, get, host); /* removes white space */ if (!putToFile) { filePtr =3D stdout; } else { @@ -738,11 +744,13 @@ char host[NAME_LEN]; char server[NAME_LEN]; int result; + char get[80]; static HostInfo serverInfo; =20 curHostValid =3D FALSE; =20 - sscanf(string, " %s %s", host, server); + snprintf(get, sizeof get, " %%%ds %%%ds", sizeof host-1, sizeof server= -1); + sscanf(string, get, host, server); if (!putToFile) { filePtr =3D stdout; } else { @@ -823,6 +831,7 @@ char type[NAME_LEN]; char *ptr; int tmp; + char get[40]; =20 while (isspace(*option)) ++option; @@ -851,7 +860,8 @@ } else if (strncmp(option, "do", 2) =3D=3D 0) { /* domain */ ptr =3D strchr(option, '=3D'); if (ptr !=3D NULL) { - sscanf(++ptr, "%s", _res.defdname); + snprintf(get, sizeof get, "%%%ds", sizeof _res.defdname-1); + sscanf(++ptr, get, _res.defdname); res_re_init(); } } else if (strncmp(option, "deb", 1) =3D=3D 0) { /* debug */ @@ -877,13 +887,15 @@ strncmp(option, "ty", 2) =3D=3D 0) { /* type */ ptr =3D strchr(option, '=3D'); if (ptr !=3D NULL) { - sscanf(++ptr, "%s", type); + snprintf(get, sizeof get, "%%%ds", sizeof type-1); + sscanf(++ptr, get, type); queryType =3D StringToType(type, queryType, stderr); } } else if (strncmp(option, "cl", 2) =3D=3D 0) { /* query class */ ptr =3D strchr(option, '=3D'); if (ptr !=3D NULL) { - sscanf(++ptr, "%s", type); + snprintf(get, sizeof get, "%%%ds", sizeof type-1); + sscanf(++ptr, get, type); queryClass =3D StringToClass(type, queryClass, stderr); } } else if (strncmp(option, "rec", 3) =3D=3D 0) { /* recurse */ @@ -901,7 +913,8 @@ } else if (strncmp(option, "ro", 2) =3D=3D 0) { /* root */ ptr =3D strchr(option, '=3D'); if (ptr !=3D NULL) { - sscanf(++ptr, "%s", rootServerName); + snprintf(get, sizeof get, "%%%ds", sizeof rootServerName-1); + sscanf(++ptr, get, rootServerName); } } else if (strncmp(option, "sea", 3) =3D=3D 0) { /* search list */ _res.options |=3D RES_DNSRCH; @@ -964,6 +977,7 @@ int n; =20 (void)strncpy(_res.defdname, cp, sizeof(_res.defdname) - 1); + _res.defdname[sizeof(_res.defdname) - 1] =3D '\0'; if ((cp =3D strchr(_res.defdname, '\n')) !=3D NULL) *cp =3D '\0'; /* @@ -1109,8 +1123,9 @@ if ((cp =3D getenv("HOME")) !=3D NULL && (strlen(cp) + strlen(_PATH_NSLOOKUPRC)) < sizeof(buf)) { =20 - (void) strcpy(buf, cp); - (void) strcat(buf, _PATH_NSLOOKUPRC); + (void) strncpy(buf, cp, sizeof buf - 1); + buf[sizeof buf - 1] =3D '\0'; + (void) strncat(buf, _PATH_NSLOOKUPRC, sizeof buf - strlen(buf) - 1); =20 if ((fp =3D fopen(buf, "r")) !=3D NULL) { while (fgets(buf, sizeof(buf), fp) !=3D NULL) { diff -ru org/bind-8.1.2/bin/nslookup/subr.c bind-8.1.2/bin/nslookup/subr.c --- org/bind-8.1.2/bin/nslookup/subr.c Fri Apr 25 02:27:19 1997 +++ bind-8.1.2/bin/nslookup/subr.c Tue Sep 1 21:14:39 1998 @@ -341,6 +341,7 @@ { char *redirect; FILE *tmpPtr; + char get[80]; =20 /* * Open an output file if we see '>' or >>'. @@ -352,10 +353,12 @@ return(NULL); } if (redirect[1] =3D=3D '>') { - sscanf(redirect, ">> %s", file); + snprintf(get, sizeof get, ">> %%%ds", sizeof file-1); + sscanf(redirect, get, file); tmpPtr =3D fopen(file, "a+"); } else { - sscanf(redirect, "> %s", file); + snprintf(get, sizeof get, "> %%%ds", sizeof file-1); + sscanf(redirect, get, file); tmpPtr =3D fopen(file, "w"); } =20 --YiEDa0DAkWCtVeE4 Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: 2.6.3ia iQB1AwUBNfCR4ajZR/ntlUftAQHleQL8CSgokwkGTxTxWSzLNxwXQKPHdYMCLJv+ l/g4NZIPM2OpVlAKVFZDCmcinTFufpOgrE2UhKf2PO53u/tTrdu3yI57XHlSmiSk 7VHHkw94h8QezxBmBKuW90jD6o1YhkB/ =XZCq -----END PGP SIGNATURE----- --YiEDa0DAkWCtVeE4--
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:14:59 PDT