Bug 4024 - Too many supplied nameservers will core dump pump-0.6.7
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Linux
Classification: Retired
Component: pump
Version: 6.0
Hardware: i386
OS: Linux
Priority: high
Severity: high
Assignee: Erik Troan
Reported: 1999-07-14 02:03 UTC by jjohnson
Modified: 2008-05-01 15:37 UTC (History)

Doc Type: Bug Fix
Last Closed: 1999-08-16 18:30:26 UTC


Description jjohnson 1999-07-14 02:03:30 UTC
If a DHCP server supplies more than 3 DNS servers, the
process will overwrite the count and probably dump pump.

Here is the problem code:

struct intfInfo {
...
struct in_addr gateway;
struct in_addr dnsServers[3];
int numDns;
}

If the dnsServers are overrun, the next one blows away the
numDns value.

Also, there is not a check in place to prevent this from
happening.

CODE:
for (i = 0; i < length; i += 4)
    memcpy(&intf->dnsServers[intf->numDns++], chptr + i, 4);

The fix is simple.
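
The layout problem and the missing bound described above, as an added example in C (not code from pump or from the reporter): overflow_gap() checks whether slot dnsServers[3] coincides with numDns on the build platform, and parse_dns_option() is a hypothetical bounded version of the loop. The names MAX_DNS, overflow_gap, parse_dns_option and the sample payload are assumptions made for this example.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <netinet/in.h>

#define MAX_DNS 3  /* same capacity as dnsServers[3] in the report */

/* Reduced copy of the reported struct; the elided members are left out. */
struct intfInfo {
    struct in_addr gateway;
    struct in_addr dnsServers[MAX_DNS];
    int numDns;
};

/* Byte distance from the one-past-the-end slot dnsServers[MAX_DNS] to numDns.
 * 0 means an unchecked fourth memcpy would write straight onto the counter. */
long overflow_gap(void)
{
    return (long)offsetof(struct intfInfo, numDns)
         - (long)(offsetof(struct intfInfo, dnsServers)
                  + MAX_DNS * sizeof(struct in_addr));
}

/* Bounded parse of a DNS option payload (4 bytes per server). Stores at most
 * MAX_DNS addresses, ignores a partial trailing address, and returns the
 * number of complete addresses that did not fit. */
int parse_dns_option(struct intfInfo *intf, const unsigned char *data,
                     size_t length)
{
    size_t offered = length / 4;
    size_t keep = offered < MAX_DNS ? offered : MAX_DNS;

    intf->numDns = 0;
    for (size_t i = 0; i < keep; i++)
        memcpy(&intf->dnsServers[intf->numDns++], data + 4 * i, 4);
    return (int)(offered - keep);
}

/* Constructed sample payload: 10.0.0.1 to 10.0.0.5 plus one stray byte. */
static const unsigned char sample_option[21] = {
    10,0,0,1, 10,0,0,2, 10,0,0,3, 10,0,0,4, 10,0,0,5, 0xff
};

int main(void)
{
    struct intfInfo intf = {0};
    int dropped = parse_dns_option(&intf, sample_option, sizeof sample_option);
    printf("gap=%ld kept=%d dropped=%d\n", overflow_gap(), intf.numDns, dropped);
    return 0;
}
```

A non-zero return value tells the caller that the server offered more addresses than were stored, so the truncation can be logged instead of passing unnoticed.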

Comment 1 Jay Turner 1999-07-14 13:45:59 UTC
This issue has been assigned to a developer for further action.

Comment 2 brantley 1999-07-22 16:43:59 UTC
I also ran into the bug and completely agree with
jjohnson@austin.rr.com - the fix is simple.  Moreover, I'd note that
while 3 may be a reasonable number of nameservers, it's not a
reasonable number of interfaces when one or more of those (3) hosts is
multi-homed.

As trivial as the fix is, I developed a patch and thought I'd send it
your way in the hopes that it might save somebody time.

Hope this helps -
--
- Michael


*** pump.c.orig Sat May  8 16:27:32 1999
--- pump.c      Thu Jul 22 13:20:25 1999
***************
*** 446,452 ****
        switch (option) {
            case BOOTP_OPTION_DNS:
                intf->numDns = 0;
!               for (i = 0; i < length; i += 4)
                    memcpy(&intf->dnsServers[intf->numDns++], chptr +
i, 4);
                intf->set |= NETINFO_HAS_DNS;
                break;
--- 446,452 ----
        switch (option) {
            case BOOTP_OPTION_DNS:
                intf->numDns = 0;
!               for (i = 0; ((i < length) && (intf->numDns <
INTFINFO_NUM_DNSSERVERS)); i += 4)
                    memcpy(&intf->dnsServers[intf->numDns++], chptr +
i, 4);
                intf->set |= NETINFO_HAS_DNS;
                break;
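Review bot: The new loop condition on the changed line still only tests i < length before memcpy copies 4 bytes from chptr + i, so an option whose length is not a multiple of 4 makes the final copy read past the end of the option data; testing i + 4 <= length closes that. Servers beyond INTFINFO_NUM_DNSSERVERS are also dropped without any message, which deserves a log line. Separately, the hunk is mail-wrapped (the "chptr +" / "i, 4);" split), so it will not apply as posted and is better sent as an attachment.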
*** net.h.orig  Tue Apr 13 17:01:46 1999
--- net.h       Thu Jul 22 13:20:42 1999
***************
*** 21,26 ****
--- 21,27 ----
  #define INTFINFO_HAS_BOOTFILE (1 << 6)
  #define INTFINFO_HAS_LEASE    (1 << 7)
  #define INTFINFO_HAS_REQLEASE (1 << 8)
+ #define INTFINFO_NUM_DNSSERVERS       8

  #define NETINFO_HAS_GATEWAY   (1 << 20)
  #define NETINFO_HAS_HOSTNAME  (1 << 21)
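Review bot: INTFINFO_NUM_DNSSERVERS on the added line is an array capacity, yet it is appended to the INTFINFO_HAS_* bit-flag block and shares that prefix, so it reads like one more flag. Move it out of the flag list, add a short comment saying it sizes dnsServers[], and consider a name that makes clear it is a maximum.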
***************
*** 38,44 ****
      int reqLease;             /* in seconds */
      char * hostname, * domain;                /* dynamically
allocated */
      struct in_addr gateway;
!     struct in_addr dnsServers[3];
      int numDns;
  };

--- 39,45 ----
      int reqLease;             /* in seconds */
      char * hostname, * domain;                /* dynamically
allocated */
      struct in_addr gateway;
!     struct in_addr dnsServers[INTFINFO_NUM_DNSSERVERS];
      int numDns;
  };

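Review bot: Resizing dnsServers on the changed line alters the size of struct intfInfo and the offset of numDns, so everything that includes net.h has to be rebuilt together, and any code that still assumes 3 entries should switch to INTFINFO_NUM_DNSSERVERS or numDns. The larger array only raises the limit; the bound added in pump.c remains the part that keeps a longer server list from overwriting numDns.
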
Comment 3 Erik Troan 1999-08-16 18:30:59 UTC
Fixed in pump 0.7.0