Subject: Re: FYI: Buffer overflow in traceroute
To: None <tech-security@NetBSD.ORG>
From: der Mouse <mouse@Rodents.Montreal.QC.CA>
List: tech-security
Date: 06/14/1998 17:02:52
>>    memcpy(&gateway[lsrr], hp->h_addr, hp->h_length)

>>    memcpy(&to.sin_addr, hp->h_addr, hp->h_length);

>> This is like using strncpy(), only the *remote* nameserver is
>> dictating how many bytes to copy.

Well, depending on the library, as has already been mentioned.

What I almost always write is something like

	if (hp->h_addrtype != AF_INET)
	 { ...kvetch... }
	if (hp->h_length != sizeof(struct in_addr))
	 { ...whine... }
	...use the hp->h_addr_list[] entries...

Just basic defensive programming, I would have thought: don't trust
anything.  (Yes, the first test needs tweaking for IPv6, but if it's
written properly it will be really obvious from the message *what*
needs tweaking.  And since the rest of the code's not IPv6-ready
anyway, in the cases where I've written such code, it's still a proper
thing to check for.)

					der Mouse

		     7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B