Bug 761513

Summary: Segmentation fault due to buffer overrun in the adnsresfilter program from the adns-progs package
Product: [Fedora] Fedora
Reporter: Paul Blankenbaker <paul.blankenbaker>
Component: adns
Assignee: Adam Tkac <atkac>
Status: CLOSED ERRATA
QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: high
Priority: unspecified
Version: 15
CC: atkac, byte, ovasik, rvokal
Hardware: i686
OS: Linux
Doc Type: Bug Fix
Last Closed: 2012-06-02 03:55:33 UTC
Attachments:
Patch for RPM build of adns-1.4.tar.gz to fix error in adnsresfilter.c (flags: none)

Description Paul Blankenbaker 2011-12-08 14:02:48 UTC
Created attachment 542548
Patch for RPM build of adns-1.4.tar.gz to fix error in adnsresfilter.c

Description of problem:

The adnsresfilter program will core dump on 32-bit Fedora 15 when run with the "--brackets" option and fed an IP address of 15 characters enclosed in brackets.

Version-Release number of selected component (if applicable):


How reproducible:

Always reproducible


Steps to Reproduce:

1. Boot Fedora 15 (32 bit)

2. Install adns-progs package

  yum install adns-progs

3. Feed a string containing a 15 character IP address within brackets into the adnsresfilter program with the --brackets option:

  echo "[255.255.255.255]" | adnsresfilter --unchecked --timeout 1000 --brackets
  
Actual results:

[root@probe-p3p1 ~]# echo "[255.255.255.255]" | adnsresfilter --unchecked --timeout 1000 --brackets
Segmentation fault
[root@probe-p3p1 ~]# 

Expected results:

[root@dev15-32 ~]# echo "[255.255.255.255]" | adnsresfilter --unchecked --timeout 1000 --brackets
[255.255.255.255]
[root@dev15-32 ~]# 

Additional info:

This appears to be a buffer overrun issue in the "client/adnsresfilter.c" source file. The addrtextbuf buffer is used to hold the IP address (and bracket characters) and is declared as:

static char addrtextbuf[14];

However, an IP address like 255.255.255.255 is 15 characters long. When you add brackets it becomes 17 characters long. I fixed the segmentation fault in my local build by allocating 18 bytes (in case a null string terminator might be appended somewhere in the code). Hence to avoid the segmentation fault, I changed the above declaration to:

static char addrtextbuf[18];

I've attached the "patch" file I created to apply this patch to build my own version of the RPM.
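
The sizing arithmetic from the report above, as an added example that is not part of the original report and is not adns source code: it derives the 18-byte size from the address format and shows a bounds-checked accumulator that rejects an oversized token instead of writing past the buffer. The helpers `addr_append` and `collect_bracketed` and the macro names are hypothetical.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Derive the size from the format instead of hard-coding it. */
#define IPV4_TEXT_MAX (4 * 3 + 3)          /* 12 digits + 3 dots = 15   */
#define BRACKETED_MAX (IPV4_TEXT_MAX + 2)  /* plus '[' and ']'   = 17   */
#define ADDRTEXT_SIZE (BRACKETED_MAX + 1)  /* plus NUL           = 18   */
_Static_assert(ADDRTEXT_SIZE == 18, "bracketed IPv4 text needs 18 bytes");

/* Hypothetical helper: store one byte only if it and a NUL still fit.
 * Returns 0 on success, -1 if the byte would overrun the buffer. */
static int addr_append(char *buf, size_t cap, size_t *len, char c)
{
    if (cap == 0 || *len >= cap - 1)
        return -1;
    buf[(*len)++] = c;
    buf[*len] = '\0';
    return 0;
}

/* Hypothetical helper: accumulate a bracketed address token byte by byte,
 * as a stream filter would. Returns the stored length, or -1 when the
 * token does not fit in cap bytes (buf stays NUL-terminated). */
int collect_bracketed(const char *in, char *buf, size_t cap)
{
    size_t len = 0;
    if (cap)
        buf[0] = '\0';
    for (; *in && *in != '\n'; in++) {
        if (addr_append(buf, cap, &len, *in) != 0)
            return -1;
        if (*in == ']')
            break;
    }
    return (int)len;
}

int main(void)
{
    char small[14];             /* size of the original declaration   */
    char fixed[ADDRTEXT_SIZE];  /* size used in the reporter's fix     */
    const char *line = "[255.255.255.255]\n"; /* input from the report */

    printf("14 bytes: %d\n", collect_bracketed(line, small, sizeof small));
    printf("18 bytes: %d\n", collect_bracketed(line, fixed, sizeof fixed));
    return 0;
}
```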

Comment 1 Adam Tkac 2012-05-22 07:57:50 UTC
Your patch is correct, thanks for it.

Currently I'm going to patch only Fedora 17 and rawhide, please let me know if you would like to have the patch also in older distributions.

Comment 2 Fedora Update System 2012-05-22 08:07:51 UTC
adns-1.4-12.fc17 has been submitted as an update for Fedora 17.
https://admin.fedoraproject.org/updates/adns-1.4-12.fc17

Comment 3 Fedora Update System 2012-05-22 15:52:45 UTC
Package adns-1.4-12.fc17:
* should fix your issue,
* was pushed to the Fedora 17 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing adns-1.4-12.fc17'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/FEDORA-2012-8240/adns-1.4-12.fc17
then log in and leave karma (feedback).

Comment 4 Fedora Update System 2012-06-02 03:55:33 UTC
adns-1.4-12.fc17 has been pushed to the Fedora 17 stable repository.  If problems still persist, please make note of it in this bug report.