Red Hat Bugzilla – Bug 450766
dname response causes glibc to assert without log message and core dump.
Last modified: 2008-06-27 00:46:39 EDT
Description of problem: in some cases when a dns DNAME response is recieved,
glibc aborts, which allows a denial of service attack in programs like firefox.
wireshark log attached.
Created attachment 308868 [details]
I've added code to ignore the T_DNAME messages. This is a misconfigured server.
I cannot reproduce it here so testing is welcome. Should be part of the next
Created attachment 308946 [details]
log on the abort case.
Any chance on also applying the attached patch to log responses that would
trigger the abort?
Created attachment 308960 [details]
add the text for T_DNAME so p_type() will work correctly.
We also need T_DNAME added to the list from which p_type works...
Uli, can you please also review the two patches I've attached to this bug? The
first adds logging for unknown responses which would trigger abort(), and the
second adds handling for T_DNAME in p_type(), which is needed for the patch you
I've added the debug entry to cvs. The T_DNAME entry is not needed. Since the
debug cod eis not added to the binary their is no reason to keep this BZ open.