Subject: lib/3486: lib/libc/net/gethostnamadr.c broken
To: None <>
From: Jonathan Stone <jonathan@DSG.Stanford.EDU>
List: netbsd-bugs
Date: 04/13/1997 18:27:01
>Number:         3486
>Category:       lib
>Synopsis:       gethostnamadr.c broken in bind-4.5.1 import
>Confidential:   no
>Severity:       critical
>Priority:       high
>Responsible:    lib-bug-people (Library Bug People)
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Sun Apr 13 18:35:01 1997
>Release:        NetBSD-current supped at 13-Apr-1997
System: NetBSD Cup.DSG.Stanford.EDU 1.2D NetBSD 1.2D (DSG_4K) #0: Mon Mar 31 20:29:11 PST 1997 jonathan@Cup.DSG.Stanford.EDU:/aga/n1/src/NetBSD/IP-PLUS/src/sys/arch/i386/compile/DSG_4K i386


In NetBSD-current with BIND-4.9.1-P1, lots of commands that map a PTR
to a hostname seem to coredump.


	Build and install -current with the BIND-4.9.1-P1 update
	as of 13-Apr-1997.
	Try "telnet localhost".
	Try "rsh localhost pwd".
	Try "netstat".
	Try "netstat -r".


	Use "telnet <hostname>".
	Use "rsh <hostname> pwd".
	Use "netstat -n".
	Use "netstat -nr".

Looking at the coredumps with a debugger shows that the calls to
gethostnamadr.c:getanswer() are inconsistent with the internals of
getanswer(). Getanswer() clearly expects its 3rd arg to be a char*.

The callers are now passing it a boolean (0 or 1) instead. This is
saved in the local variable "tname", which is again assumed to be a char*.

In some cases, the value 1 gets passed to strcasecmp(), with
predictable lossage.