Subject: BitchX DNS Overflow Patch
From: nimrood (nimroodONEBOX.COM)
Date: Thu Dec 07 2000 - 00:28:13 CST


listed are two bugs in the BitchX irc client. a possible stack overflow
condition exists if a malformed DNS answer is processed by the client.
a second bug allows this malformed DNS record to be embedded in a valid
DNS packet. without the second bug the malformed DNS record wouldn't
be processed "correctly."

this patch is derived from the BitchX-1.0c17 source tree, but is relevant
to previous versions:

*** BitchX/source/misc.c.orig Thu Dec 7 01:33:11 2000
--- BitchX/source/misc.c Thu Dec 7 01:42:38 2000
***************
*** 2643,2648 ****
--- 2643,2653 ----
                switch(type)
                {
                case T_A :
+ if (dlen != sizeof(struct in_addr))
+ {
+ cp += dlen;
+ break;
+ }
                        rptr->re_he.h_length = dlen;
                        if (ans == 1)
                                rptr->re_he.h_addrtype=(class == C_IN)
?
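Review bot: In the added guard under `case T_A`, `cp += dlen` advances by a length taken from the packet, and nothing in the visible lines checks that the result stays inside the received message. Before skipping, compare `dlen` against the bytes remaining and stop parsing if it is larger. A one-line comment saying why a record whose length is not `sizeof(struct in_addr)` is dropped would also help the next reader.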
***************
*** 2689,2694 ****
--- 2694,2700 ----
                        *alias = NULL;
                        break;
                default :
+ cp += dlen;
                        break;
                }
        }
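Review bot: The `cp += dlen` added under `default :` is the same skip that the first hunk adds in the `T_A` guard, so advancing past the record data is now the job of each individual case. Consider saving the start of the record data before the `switch` and setting `cp` to that start plus `dlen` once after it, so every case, including any added later, ends on the record boundary. The skip here is also unbounded in the visible lines and wants the same check against the end of the message.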

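A bounds-checked record walk that applies both checks from the patch (exact length for A records, always skipping the record data), as an added example that is not BitchX code and not part of the original post. `collect_a_records`, the `RR_*` constants, the simplified record layout without owner names, and the sample bytes are constructed for illustration.

```c
#include <stdint.h>
#include <string.h>

#define RR_T_A   1   /* DNS type A */
#define RR_FIXED 10  /* TYPE(2) CLASS(2) TTL(4) RDLENGTH(2) */
#define ADDR_LEN 4   /* bytes in an IPv4 address */

/* Walk `count` records in [cp, eom) and copy well-formed A addresses into
 * out[0..max). Owner names are omitted (simplification for this example).
 * Returns the number stored, or -1 if a record runs past the message end. */
int collect_a_records(const uint8_t *cp, const uint8_t *eom, int count,
                      uint8_t out[][ADDR_LEN], int max)
{
    int stored = 0;
    while (count-- > 0) {
        if ((size_t)(eom - cp) < RR_FIXED)
            return -1;                       /* truncated fixed header */
        uint16_t type = (uint16_t)(cp[0] << 8 | cp[1]);
        uint16_t dlen = (uint16_t)(cp[8] << 8 | cp[9]);
        cp += RR_FIXED;
        if ((size_t)(eom - cp) < dlen)
            return -1;                       /* RDATA exceeds the message */
        /* Copy only when the length is exactly what type A requires. */
        if (type == RR_T_A && dlen == ADDR_LEN && stored < max)
            memcpy(out[stored++], cp, ADDR_LEN);
        /* Always step over RDATA, whatever the type, so bytes inside it
         * are never parsed as the next record. */
        cp += dlen;
    }
    return stored;
}

/* Constructed sample: three records, owner names omitted. */
static const uint8_t sample[] = {
    /* TXT, dlen 14: RDATA shaped like an A record claiming 64 bytes */
    0,16, 0,1, 0,0,0,0, 0,14,  0,1, 0,1, 0,0,0,0, 0,64, 65,65,65,65,
    /* A, dlen 8: wrong size for an IPv4 address, must be skipped */
    0,1, 0,1, 0,0,0,0, 0,8,  1,2,3,4,5,6,7,8,
    /* A, dlen 4: well formed, 192.0.2.7 */
    0,1, 0,1, 0,0,0,0, 0,4,  192,0,2,7
};

int main(void)
{
    uint8_t out[2][ADDR_LEN];
    int n = collect_a_records(sample, sample + sizeof sample, 3, out, 2);
    return n == 1 ? 0 : 1;   /* only the well-formed A record is accepted */
}
```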