Re: Dangerous strcpy

Thursday, 22 June 2006

Vladimir G. Ivanovic wrote:

...
 P.S. I was going to comment that it's unlikely but possible for
the host
 name length (is that the entire hostname+domainname or just the
 hostname-domainname?) to be more than 255 characters in length. 
For DNS resolution, the h_name field will typically contain the FQDN.

This isn't guaranteed to be less than either HOST_NAME_MAX or
sysconf(_SC_HOST_NAME_MAX); those refer to hostnames returned from
gethostname(), not the gethostby* functions.

RFC 1035 limits a DNS domain name to 255 bytes, but that only applies
to DNS lookups. On systems which have an NSS facility (e.g. GNU libc),
gethostbyname() is delegated to a configurable set of plug-in
libraries, so any limits will depend upon how hostname resolution has
been configured.

IMHO, the most practical solution would be to treat a name longer than
255 characters the same way as a failed lookup. Nobody is likely to
use a hostname longer than 255 characters for any purpose /other/ than
to exploit a buffer overrun, so you don't need such lookups to
actually work. However, you probably shouldn't abort() on them.

-- 
Glynn Clements <glynn(a)gclements.plus.com&gt;

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

2003

2002

2001

2000

1999

1998

Re: Dangerous strcpy