Subject: Re: FYI: Buffer overflow in traceroute
To: Warner Losh <imp@village.org>
From: Kevin Vajk <kvajk@ricochet.net>
List: tech-security
Date: 06/13/1998 23:00:50
On Sat, 13 Jun 1998, Warner Losh wrote:

> Having made this change for most of FreeBSD, I think it is somewhat
> bogus and had planned to back it out.  It was really bogus and Theo
> pointed out to me what was so bogus about it.
> 
> gethostby{name,addr} and getnet* are better places to fix this sort of
> thing.  They shouldn't, imho, return addresses lengths > 4.  IPng uses
> a gethostbyname2 for this sort of thing.  The gethostbyname man page
> implies that it only looks up AF_INET addresses, which are, by
> definition, 4 bytes long.
> 
> Just my HO, your mileage may vary.
> 
> Warner

Theo de Raadt pointed out to me that the library had been changed long
ago.  So, I'm sorry I wasted people's time with a bogus bug report.  I was
trying to be helpful, but should have researched it more before sending
off an email...

<irrelevant philosophy>
Having said that, I urge you *not* to back out your changes.
When considering code like memcpy(dest,src,length) is it better
programming to define length to be sizeof(dest) or is it better to define
length to be sizeof(src), knowing that libc has been changed to guarantee
this?  I say it's better to be explicit.  The fact that libc protects
against bad programming (which I am very happy to hear) doesn't justify
bad programming.  Besides, not all platforms guarantee this.  Nor does the
original specification exactly guarantee this.  There are plenty of
systems where libc will return whatever the remote system tells it to.  So
why not have code that's secure even if it's run somewhere else?
</irrelevant philosophy>

Anyhow, sorry for the essentially bogus bug report.  I hope you
understand.  Thanks!

- Kevin Vajk
  <kvajk@ricochet.net>
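The point in the paragraph above, bounding the copy by the destination rather than by whatever length the resolver reports, can be shown in C. The following is an added example, not code from traceroute, FreeBSD or either correspondent; it builds constructed `struct hostent` values by hand instead of calling the resolver, and the function names (`copy_first_addr`, `demo_well_formed`, `demo_oversized`) are chosen here.

```c
#include <stdio.h>
#include <string.h>
#include <netdb.h>
#include <netinet/in.h>
#include <sys/socket.h>

/* Defensive copy of the first address in a hostent into a struct in_addr.
 * The copy length is fixed by the destination (sizeof *dst); the value the
 * resolver reports in h_length is checked against it, never used as the
 * byte count.  Returns 0 on success, -1 if the entry is unusable. */
int copy_first_addr(struct in_addr *dst, const struct hostent *hp)
{
    if (hp == NULL || hp->h_addr_list == NULL || hp->h_addr_list[0] == NULL)
        return -1;
    if (hp->h_addrtype != AF_INET)           /* only IPv4 is expected here */
        return -1;
    if (hp->h_length != (int)sizeof(*dst))   /* reject 16, 0, negative, ... */
        return -1;
    memcpy(dst, hp->h_addr_list[0], sizeof(*dst));
    return 0;
}

/* Build a constructed hostent (not from a real resolver) with the given
 * address bytes and reported length, for demonstration only. */
static struct hostent make_entry(char *addr, int addrtype, int length, char **list)
{
    struct hostent hp;
    memset(&hp, 0, sizeof hp);
    list[0] = addr;
    list[1] = NULL;
    hp.h_name = (char *)"example.invalid";   /* constructed name */
    hp.h_addrtype = addrtype;
    hp.h_length = length;
    hp.h_addr_list = list;
    return hp;
}

/* Scenario 1: a well-formed AF_INET entry with h_length == 4.  Returns 1 if
 * the copy succeeded and the destination holds the expected bytes. */
int demo_well_formed(void)
{
    char addr[4] = { (char)192, 0, 2, 1 };   /* constructed: 192.0.2.1 (TEST-NET-1) */
    char *list[2];
    struct hostent hp = make_entry(addr, AF_INET, 4, list);
    struct in_addr dst;
    memset(&dst, 0, sizeof dst);
    if (copy_first_addr(&dst, &hp) != 0)
        return 0;
    return memcmp(&dst, addr, 4) == 0;
}

/* Scenario 2: an entry reporting h_length == 16, as an IPv6 answer or a
 * resolver that passes through whatever the remote side says might.
 * A naive memcpy(dst, src, h_length) would write 12 bytes past a 4-byte
 * destination; here the entry is rejected and dst is left untouched.
 * Returns 1 if rejected and unchanged. */
int demo_oversized(void)
{
    char addr[16];
    char *list[2];
    struct hostent hp;
    struct in_addr dst;
    unsigned char zero[4] = { 0, 0, 0, 0 };
    memset(addr, 0xAB, sizeof addr);         /* constructed filler bytes */
    hp = make_entry(addr, AF_INET, 16, list);
    memset(&dst, 0, sizeof dst);
    if (copy_first_addr(&dst, &hp) != -1)
        return 0;
    return memcmp(&dst, zero, 4) == 0;
}

int main(void)
{
    printf("well-formed entry: %s\n", demo_well_formed() ? "copied" : "FAILED");
    printf("oversized entry:   %s\n", demo_oversized() ? "rejected" : "FAILED");
    return 0;
}
```

The check compares `h_length` against the destination size and refuses anything else, rather than silently truncating with `min(h_length, sizeof dst)`; a truncated address is still a wrong address, so an explicit failure is the safer outcome for a caller that then logs or aborts.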