Note: This is a beta release of Red Hat Bugzilla 5.0. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Also email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback here.
Bug 4024 - Too many supplied nameservers will core dump pump-0.6.7
Summary: Too many supplied nameservers will core dump pump-0.6.7
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Linux
Classification: Retired
Component: pump
Version: 6.0
Hardware: i386
OS: Linux
high
high
Target Milestone: ---
Assignee: Erik Troan
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 1999-07-14 02:03 UTC by jjohnson
Modified: 2008-05-01 15:37 UTC (History)
1 user (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 1999-08-16 18:30:26 UTC


Attachments (Terms of Use)

Description jjohnson 1999-07-14 02:03:30 UTC
If a DHCP server supplies more than 3 DNS servers, the
process will overwrite the count and probably dump pump.

Here is the problem code:

struct intfInfo {
...
struct in_addr gateway;
struct in_addr dnsServers[3];
int numDns;
}

If the dnsServers are overrun, the next one blows away the
numDns value.

Also, there is not a check in place to prevent this from
happenning.

CODE:
for (i = 0; i < length; i += 4)
    memcpy(&intf->dnsServers[intf->numDns++], chptr + i, 4);

The fix is simple.

Comment 1 Jay Turner 1999-07-14 13:45:59 UTC
This issue has been assigned to a developer for further action.

Comment 2 brantley 1999-07-22 16:43:59 UTC
I also ran into the bug and completely agree with
jjohnson@austin.rr.com - the fix is simple.  Moreover, I'd note that
while 3 may be a reasonable number of nameservers, it's not a
reasonable number of interfaces when one or more of those (3) hosts is
multi-homed.

As trivial as the fix is, I developed a patch and thought I'd send it
your way in the hopes that it might save somebody time.

Hope this helps -
--
- Michael


*** pump.c.orig Sat May  8 16:27:32 1999
--- pump.c      Thu Jul 22 13:20:25 1999
***************
*** 446,452 ****
        switch (option) {
            case BOOTP_OPTION_DNS:
                intf->numDns = 0;
!               for (i = 0; i < length; i += 4)
                    memcpy(&intf->dnsServers[intf->numDns++], chptr +
i, 4);
                intf->set |= NETINFO_HAS_DNS;
                break;
--- 446,452 ----
        switch (option) {
            case BOOTP_OPTION_DNS:
                intf->numDns = 0;
!               for (i = 0; ((i < length) && (intf->numDns <
INTFINFO_NUM_DNSSERVERS)); i += 4)
                    memcpy(&intf->dnsServers[intf->numDns++], chptr +
i, 4);
                intf->set |= NETINFO_HAS_DNS;
                break;
*** net.h.orig  Tue Apr 13 17:01:46 1999
--- net.h       Thu Jul 22 13:20:42 1999
***************
*** 21,26 ****
--- 21,27 ----
  #define INTFINFO_HAS_BOOTFILE (1 << 6)
  #define INTFINFO_HAS_LEASE    (1 << 7)
  #define INTFINFO_HAS_REQLEASE (1 << 8)
+ #define INTFINFO_NUM_DNSSERVERS       8

  #define NETINFO_HAS_GATEWAY   (1 << 20)
  #define NETINFO_HAS_HOSTNAME  (1 << 21)
***************
*** 38,44 ****
      int reqLease;             /* in seconds */
      char * hostname, * domain;                /* dynamically
allocated */
      struct in_addr gateway;
!     struct in_addr dnsServers[3];
      int numDns;
  };

--- 39,45 ----
      int reqLease;             /* in seconds */
      char * hostname, * domain;                /* dynamically
allocated */
      struct in_addr gateway;
!     struct in_addr dnsServers[INTFINFO_NUM_DNSSERVERS];
      int numDns;
  };

Comment 3 Erik Troan 1999-08-16 18:30:59 UTC
Fixed in pump 0.7.0


Note You need to log in before you can comment on or make changes to this bug.