[Bug 619] New: Core dumps on NULL hosts->h_name

http://bugs.exim.org/show_bug.cgi?id=619
Summary: Core dumps on NULL hosts->h_name
Product: Exim
Version: 4.68
Platform: x86
OS/Version: Solaris
Status: NEW
Severity: bug
Priority: medium
Component: General execution
AssignedTo: ph10@hermes.cam.ac.uk
ReportedBy: alex.kiernan@gmail.com
CC: exim-dev@exim.org


Created an attachment (id=214)
--> (http://bugs.exim.org/attachment.cgi?id=214)
Fix NULL pointer dereference in host_name_lookup_byaddr

On Solaris 10 x86 we're seeing NULL pointers in h_name on return from
gethostbyaddr which is causing coredumps around host.c:1505:

if (hosts->h_name[0] == 0 || hosts->h_name[0] == '.')

Can be demonstrated using this test program:

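#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <netdb.h>
#include <stdio.h>

int main(void)
{
    struct in_addr addr;
    struct hostent *hosts;

    addr.s_addr = inet_addr("91.186.12.143");
    hosts = gethostbyaddr(&addr, sizeof(addr), AF_INET);
    /* Print the pointers as integers; the cast matches the %lx conversion. */
    printf("hosts=%lx\n", (unsigned long)hosts);
    if (hosts == NULL)
        return 1;   /* lookup failed outright: nothing to demonstrate */
    printf("hosts->h_name=%lx\n", (unsigned long)hosts->h_name);
    /* h_name is NULL here on the affected system, so %s dereferences NULL. */
    printf("hosts->h_name='%s'\n", hosts->h_name);
    return 0;
}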

gives:

hosts=80609b4
hosts->h_name=0
Segmentation Fault (core dumped)

Suggested patch attached.


--
## List details at http://lists.exim.org/mailman/listinfo/exim-dev Exim details at http://www.exim.org/ ##
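
A defensive way to consume a gethostbyaddr() result so that the NULL h_name reported above counts as "no usable name" instead of being dereferenced. This is an added example, not the attached patch and not Exim code: usable, hostent_names and sample_count are hypothetical names, the sample host names are constructed, and tolerating a NULL h_aliases is an assumption that goes beyond the case in the report.

```c
#include <netdb.h>
#include <stdio.h>
#include <string.h>

/* A name is usable if it is non-NULL, non-empty and does not start with '.';
 * the last two conditions are the test quoted from host.c in the report. */
static int usable(const char *s)
{
    return s != NULL && s[0] != 0 && s[0] != '.';
}

/* Hypothetical helper, not Exim code: collect up to max usable names from a
 * resolver result, primary name first. Returns the number stored, or -1 when
 * the lookup itself returned NULL. h_aliases is assumed possibly NULL too. */
int hostent_names(const struct hostent *h, const char **out, int max)
{
    int n = 0;
    if (h == NULL) return -1;
    if (usable(h->h_name) && n < max) out[n++] = h->h_name;
    if (h->h_aliases != NULL)
        for (char **a = h->h_aliases; *a != NULL && n < max; a++)
            if (usable(*a)) out[n++] = *a;
    return n;
}

/* Constructed input: hostent with the given h_name and two aliases, one empty.
 * Returns how many usable names hostent_names() finds. */
int sample_count(char *h_name, int with_aliases)
{
    char *aliases[] = { "", "mail.example.test", NULL };
    const char *out[4];
    struct hostent h;
    memset(&h, 0, sizeof h);
    h.h_name = h_name;
    h.h_aliases = with_aliases ? aliases : NULL;
    return hostent_names(&h, out, 4);
}

int main(void)
{
    printf("NULL h_name, no aliases: %d\n", sample_count(NULL, 0));
    printf("NULL h_name, aliases:    %d\n", sample_count(NULL, 1));
    printf("good h_name, aliases:    %d\n", sample_count("host.example.test", 1));
    printf("failed lookup:           %d\n", hostent_names(NULL, NULL, 0));
    return 0;
}
```

A caller that gets 0 or -1 back can fall through to whatever it already does for a failed reverse lookup.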