Subject: Re: FYI: Buffer overflow in traceroute
To: der Mouse <mouse@Rodents.Montreal.QC.CA>
From: Eivind Eklund <>
List: tech-net
Date: 06/15/1998 00:03:13
On Sun, Jun 14, 1998 at 05:37:23PM -0400, der Mouse wrote:
> [Note: adding tech-net, since this thread seems to be heading more
> thataway, IMO - please check the recipient list if replying.]
> > gethostby{name,addr} and getnet* are better places to fix this sort
> > of thing.  They shouldn't, imho, return addresses lengths > 4.
> I strongly disagree.
> > IPng uses a gethostbyname2 for this sort of thing.
> I disagree with that choice too.
> IMO, gethostbyname should return a list of addresses.  Each address
> should be tagged with an AF_ type (yes, this would be an interface
> change, but no worse than the one involved when going from h_addr to
> h_addr_list).  Code should _always_ check that the address type is not
> something unexpected (this is rudimentary defensive programming).

That would break the Single Unix Specification.  IMO, not a good move.