BusyBox Bug and Patch Tracking
BusyBox
Main | My View | View Issues | Change Log | Docs
  

Viewing Issue Simple Details Jump to Notes ] View Advanced ] Issue History ] Print ]
ID Category Severity Reproducibility Date Submitted Last Update
0001468 [uClibc] Networking Support major always 08-21-07 04:03 11-01-08 17:26
Reporter vvv View Status public  
Assigned To uClibc
Priority normal Resolution open  
Status assigned   Product Version
Summary 0001468: Couple more bugs in gethostbyname() (patch attached)
Description The following bugs have been observed in gethostbyname():

1. gethostbyname() fails if DNS server returns more than 23 addresses (reported by me as 0001361)

2. gethostbyname() fails if the response from DNS server is truncated (i.e. the full response would contain more than 512 bytes). Such situation existed for a couple days for vpn.corbina.net - DNS was returning 29 addresses.

3. The h_aliases[0] field of struct hostent points to a corrupted buffer (the buffer is always overwritten by h_addr_list[0]).

The attached patch fixes the issue for uClibc-0.9.29. Note: this patch makes my fixes of 0001361 redundant.
Additional Information
Attached Files  resolv.patch [^] (5,286 bytes) 08-21-07 04:03
 b.patch [^] (7,285 bytes) 11-01-08 17:26

- Relationships
has duplicate 0001361closed uClibc gethostbyname() fails to resolve into more than 23 addresses 

- Notes
(0014814)
vda
11-01-08 16:37

 I committed some of your fixes. The biggest part which significantly alters gethostbyname_r() is not applied, I want someone to review it first. b.patch is a patch avainst today's svn.

Size:

    text data bss dec hex filename
- 748 0 0 748 2ec libc/inet/gethostbyname_r.o
+ 641 0 0 641 281 libc/inet/gethostbyname_r.o

Test program:

#include <netdb.h>
#include <sys/socket.h>
#include <stdio.h>
int main(int argc, char **argv) {
        char buf[1024];
        char **h_aliases;
        char **h_addr_list;
        struct hostent *h = gethostbyname(argv[1]);
        if (!h) {
                printf("NULL! h_errno:%d (%s)\n", h_errno, hstrerror(h_errno));
                return 0;
        }
        printf("h_name:'%s'\n", h->h_name);
        printf("h_length:%d\n", h->h_length);
        printf("h_addrtype: %x %s\n", h->h_addrtype,
                h->h_addrtype == AF_INET ? "AF_INET" :
                h->h_addrtype == AF_INET6 ? "AF_INET6" :
                "???"
        );
        h_aliases = h->h_aliases;
        while (*h_aliases)
                printf("alias:'%s'\n", *h_aliases++);
        h_addr_list = h->h_addr_list;
        while (*h_addr_list) {
                printf("addr: 0x%08x '%s'\n", (int) *(uint32_t*)*h_addr_list,
                        inet_ntop(h->h_addrtype, *h_addr_list, buf, sizeof(buf)));
                h_addr_list++;
        }
        return 0;
}

Before patch:

# ./test cnn.com
h_name:'cnn.com'
h_length:4
h_addrtype:AF_INET
alias:'²&9557;&0001041;²&9557;&0001070;&9618;²&9557;&0001041;&0001051;&9618;'
addr: 0x1ae2a69d '157.166.226.26'
addr: 0x19e0a69d '157.166.224.25'
addr: 0x1ae0a69d '157.166.224.26'
addr: 0x19e2a69d '157.166.226.25'

After patch:

# ./test cnn.com
h_name:'cnn.com'
h_length:4
h_addrtype: 2 AF_INET
alias:'cnn.com'
addr: 0x19e2a69d '157.166.226.25'
addr: 0x1ae2a69d '157.166.226.26'
addr: 0x19e0a69d '157.166.224.25'
addr: 0x1ae0a69d '157.166.224.26'
 

- Issue History
Date Modified Username Field Change
08-21-07 04:03 vvv New Issue
08-21-07 04:03 vvv Status new => assigned
08-21-07 04:03 vvv Assigned To  => uClibc
08-21-07 04:03 vvv File Added: resolv.patch
09-29-08 06:37 bernhardf Relationship added has duplicate 0001361
11-01-08 16:33 vda File Added: b.patch
11-01-08 16:37 vda Note Added: 0014814
11-01-08 17:26 vda File Deleted: b.patch
11-01-08 17:26 vda File Added: b.patch

Copyright © 2000 - 2006 Mantis Group
Powered by Mantis Bugtracker