Vulnerability Development mailing list archives
Re: Bug, possible hole in nslookup, various operating systems
From: Kyle Bradley <primtech () FONE NET>
Date: Sat, 16 Dec 2000 15:33:04 -0700
I don't think this is really a problem.
I'm looking at code for nslookup that came from bind-8.2.2_P5-9.src.rpm
with my Redhat 6.2 installation. In src/bin/nslookup/main.c:
static const char sccsid[] = "@(#)main.c 5.42 (Berkeley) 3/3/91";
static const char rcsid[] = "$Id: main.c,v 8.13 1999/10/13 16:39:19
vixie Exp $";
It looks like the ^C is caught by the IntrHandler() routine (right at
the top of subr.c). According to the comments:
* This routine is called whenever a control-C is typed.
* It performs three main functions:
* - closes an open socket connection,
* - closes an open output file (used by LookupHost, et al.),
* - jumps back to the main read-eval loop.
So, the ^C is hit during the main read-eval loop in interactive mode,
IntrHandler() is called, and yyrestart() is called again or longjmp()
jumps back to the last setjmp(). If longjmp() is called instead of
yyrestart(), the program resumes execution in main.c, line 358:
/*
* Setup the environment to allow the interrupt handler to
return here.
*/
(void) setjmp(env);
which is right before the scanner code:
printf("> ");
fflush(stdout);
while(yylex()) {
printf("> ");
fflush(stdout);
}
The flex man page says:
- flex scanners are not as reentrant as lex scanners.
In particular, if you have an interactive scanner
and an interrupt handler which long-jumps out of
the scanner, and the scanner is subsequently called
again, you may get the following message:
fatal flex scanner internal error--end of buffer
missed
To reenter the scanner, first use
yyrestart( yyin );
So the error is that the SIGINT causes a longjmp() out of the
read-eval loop, which gets run again. flex isn't able to handle this,
so it spits out the error.
I don't see any security problem with this right offhand.
- Kyle
--
| "Words come from an ancestry, deeds from a mastery: when these are |
| unknown, so am I. In my obscurity is my value. That's why the wise |
| wear their jade under common clothes. - Lao Tzu" |
primtech () fone net
Current thread:
- Bug, possible hole in nslookup, various operating systems Gunnar Wolf (Dec 17)
- Re: Bug, possible hole in nslookup, various operating systems Damian Menscher (Dec 18)
- Re: Bug, possible hole in nslookup, various operating systems Michal Zalewski (Dec 18)
- Re: Bug, possible hole in nslookup, various operating systems Gunnar Wolf (Dec 18)
- Re: Bug, possible hole in nslookup, various operating systems Steve Lord (Dec 19)
- Re: Bug, possible hole in nslookup, various operating systems Ryan W. Maple (Dec 20)
- Re: Bug, possible hole in nslookup, various operating systems rpc (Dec 20)
- Re: Bug, possible hole in nslookup, various operating systems Damian Menscher (Dec 18)
- Re: Bug, possible hole in nslookup, various operating systems SSecurity (Dec 18)
- <Possible follow-ups>
- Re: Bug, possible hole in nslookup, various operating systems Kyle Bradley (Dec 18)
