On Tue, Apr 11, 2000 at 12:35:41PM -0500, Gilbert Ramirez wrote:
>
>
> At packetstorm.securify.com, I searched for "ethereal" and found
> "zlip.tar.gz", which contains 3 exploits of DNS resolution:
>
> http://209.143.242.119/cgi-bin/search/search.cgi?searchvalue=ethereal&type=archives&search.x=25&search.y=23
>
Attached is a very quick patch which keeps Ethereal from hanging on the
3 sample traces of this exploit. This is just a quick fix; I haven't looked
in detail to see if this is the best (or even proper!) fix.
--gilbert
Index: packet-dns.c
===================================================================
RCS file: /usr/local/cvsroot/ethereal/packet-dns.c,v
retrieving revision 1.41
diff -u -r1.41 packet-dns.c
--- packet-dns.c 2000/04/04 06:17:28 1.41
+++ packet-dns.c 2000/04/11 20:09:32
@@ -328,6 +328,7 @@
{
const u_char *dp = pd + offset;
const u_char *dptr = dp;
+ const u_char *current_ptr_start = NULL;
char *np = name;
int len = -1;
u_int component_len;
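Review bot: current_ptr_start, declared next to dptr, is a single slot, so it can only ever remember the most recent pointer target. It is overwritten each time a pointer is followed, so a chain that visits two or more different targets before repeating would never compare equal to it. A count of pointers followed, capped at some limit tied to the frame length, would cover that case as well. If the single pointer stays, give the declaration a comment saying what it holds and why NULL means "no pointer followed yet".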
@@ -336,6 +337,11 @@
for (;;) {
if (!BYTES_ARE_IN_FRAME(offset, 1))
goto overflow;
+
+ /* Catch loops */
+ if (dp == current_ptr_start) {
+ return 0;
+ }
component_len = *dp++;
offset++;
if (component_len == 0)
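Review bot: the new check under "Catch loops" leaves through a bare return 0, while the bounds check two lines above it leaves through goto overflow. Whatever the overflow label does for the caller (terminating the name buffer, reporting a length) is skipped on the loop path, and a return of 0 needs to be checked against what callers do with the value. Consider routing the loop case through the same exit as the bounds failure, or extend the comment to say why 0 is the right result here.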
@@ -383,6 +389,7 @@
if (len < 0)
len = dp - dptr;
dp = pd + offset;
+ current_ptr_start = dp;
break; /* now continue processing from there */
}
}
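Review bot: current_ptr_start = dp is stored immediately after dp = pd + offset, and the break then goes back to the top of the for (;;) loop, where the new test dp == current_ptr_start runs before any byte is consumed. On the lines visible in this diff nothing advances dp in between, so the test would be true on the first compression pointer of any name and the function would return 0 for ordinary compressed names, not only for looping ones. Make the comparison before the store (compare the new target with the previously saved one, then save it), or replace the pointer comparison with a counter of pointers followed.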