206 lines
8.4 KiB
Diff
206 lines
8.4 KiB
Diff
|
--- mtr-0.69/dns.c.CVE-2002-0497 2005-01-11 09:32:42.000000000 +0100
|
||
|
+++ mtr-0.69/dns.c 2005-02-09 18:13:12.000000000 +0100
|
||
|
@@ -877,7 +877,7 @@
|
||
|
if (type == T_A) {
|
||
|
dorequest(rp->hostname,type,rp->id);
|
||
|
if (debug) {
|
||
|
- sprintf(tempstring,"Resolver: Sent reverse authentication request for \"%s\".",
|
||
|
+ snprintf(tempstring, sizeof(tempstring), "Resolver: Sent reverse authentication request for \"%s\".",
|
||
|
rp->hostname);
|
||
|
restell(tempstring);
|
||
|
}
|
||
|
@@ -898,7 +898,7 @@
|
||
|
}
|
||
|
dorequest(tempstring,type,rp->id);
|
||
|
if (debug) {
|
||
|
- sprintf(tempstring,"Resolver: Sent domain lookup request for \"%s\".",
|
||
|
+ snprintf(tempstring, sizeof(tempstring), "Resolver: Sent domain lookup request for \"%s\".",
|
||
|
strlongip( &(rp->ip) ));
|
||
|
restell(tempstring);
|
||
|
}
|
||
|
@@ -934,7 +934,7 @@
|
||
|
rp->expiretime = sweeptime + (double)ttl;
|
||
|
untieresolve(rp);
|
||
|
if (debug) {
|
||
|
- sprintf(tempstring,"Resolver: Lookup successful: %s\n",rp->hostname);
|
||
|
+ snprintf(tempstring, sizeof(tempstring), "Resolver: Lookup successful: %s\n",rp->hostname);
|
||
|
restell(tempstring);
|
||
|
}
|
||
|
}
|
||
|
@@ -991,7 +991,7 @@
|
||
|
case NOERROR:
|
||
|
if (hp->ancount) {
|
||
|
if (debug) {
|
||
|
- sprintf(tempstring,"Resolver: Received nameserver reply. (qd:%u an:%u ns:%u ar:%u)",
|
||
|
+ snprintf(tempstring, sizeof(tempstring), "Resolver: Received nameserver reply. (qd:%u an:%u ns:%u ar:%u)",
|
||
|
hp->qdcount,hp->ancount,hp->nscount,hp->arcount);
|
||
|
restell(tempstring);
|
||
|
}
|
||
|
@@ -1031,14 +1031,14 @@
|
||
|
namestring[strlen(stackstring)] = '\0';
|
||
|
if (strcasecmp(stackstring,namestring)) {
|
||
|
if (debug) {
|
||
|
- sprintf(tempstring,"Resolver: Unknown query packet dropped. (\"%s\" does not match \"%s\")",
|
||
|
+ snprintf(tempstring, sizeof(tempstring), "Resolver: Unknown query packet dropped. (\"%s\" does not match \"%s\")",
|
||
|
stackstring,namestring);
|
||
|
restell(tempstring);
|
||
|
}
|
||
|
return;
|
||
|
}
|
||
|
if (debug) {
|
||
|
- sprintf(tempstring,"Resolver: Queried domain name: \"%s\"",namestring);
|
||
|
+ snprintf(tempstring, sizeof(tempstring), "Resolver: Queried domain name: \"%s\"",namestring);
|
||
|
restell(tempstring);
|
||
|
}
|
||
|
c+= r;
|
||
|
@@ -1049,7 +1049,7 @@
|
||
|
qdatatype = sucknetword(c);
|
||
|
qclass = sucknetword(c);
|
||
|
if (qclass != C_IN) {
|
||
|
- sprintf(tempstring,"Resolver error: Received unsupported query class: %u (%s)",
|
||
|
+ snprintf(tempstring, sizeof(tempstring), "Resolver error: Received unsupported query class: %u (%s)",
|
||
|
qclass,qclass < ClasstypeCount ? classtypes[qclass] :
|
||
|
classtypes[ClasstypeCount]);
|
||
|
restell(tempstring);
|
||
|
@@ -1063,7 +1063,7 @@
|
||
|
}
|
||
|
break;
|
||
|
default:
|
||
|
- sprintf(tempstring,"Resolver error: Received unimplemented query type: %u (%s)",
|
||
|
+ snprintf(tempstring, sizeof(tempstring), "Resolver error: Received unimplemented query type: %u (%s)",
|
||
|
qdatatype,qdatatype < ResourcetypeCount ?
|
||
|
resourcetypes[qdatatype] : resourcetypes[ResourcetypeCount]);
|
||
|
restell(tempstring);
|
||
|
@@ -1085,7 +1085,7 @@
|
||
|
else
|
||
|
usefulanswer = 1;
|
||
|
if (debug) {
|
||
|
- sprintf(tempstring,"Resolver: answered domain query: \"%s\"",namestring);
|
||
|
+ snprintf(tempstring, sizeof(tempstring), "Resolver: answered domain query: \"%s\"",namestring);
|
||
|
restell(tempstring);
|
||
|
}
|
||
|
c+= r;
|
||
|
@@ -1098,10 +1098,10 @@
|
||
|
ttl = sucknetlong(c);
|
||
|
rdatalength = sucknetword(c);
|
||
|
if (class != qclass) {
|
||
|
- sprintf(tempstring,"query class: %u (%s)",qclass,qclass < ClasstypeCount ?
|
||
|
+ snprintf(tempstring, sizeof(tempstring), "query class: %u (%s)",qclass,qclass < ClasstypeCount ?
|
||
|
classtypes[qclass] : classtypes[ClasstypeCount]);
|
||
|
restell(tempstring);
|
||
|
- sprintf(tempstring,"rr class: %u (%s)",class,class < ClasstypeCount ?
|
||
|
+ snprintf(tempstring, sizeof(tempstring), "rr class: %u (%s)",class,class < ClasstypeCount ?
|
||
|
classtypes[class] : classtypes[ClasstypeCount]);
|
||
|
restell(tempstring);
|
||
|
restell("Resolver error: Answered class does not match queried class.");
|
||
|
@@ -1117,20 +1117,20 @@
|
||
|
}
|
||
|
if (datatype == qdatatype || datatype == T_CNAME) {
|
||
|
if (debug) {
|
||
|
- sprintf(tempstring,"Resolver: TTL: %s",strtdiff(sendstring,ttl));
|
||
|
+ snprintf(tempstring, sizeof(tempstring), "Resolver: TTL: %s",strtdiff(sendstring,ttl));
|
||
|
restell(tempstring);
|
||
|
}
|
||
|
if (usefulanswer)
|
||
|
switch (datatype) {
|
||
|
case T_A:
|
||
|
if (rdatalength != 4) {
|
||
|
- sprintf(tempstring,"Resolver error: Unsupported rdata format for \"A\" type. (%u bytes)",
|
||
|
+ snprintf(tempstring, sizeof(tempstring), "Resolver error: Unsupported rdata format for \"A\" type. (%u bytes)",
|
||
|
rdatalength);
|
||
|
restell(tempstring);
|
||
|
return;
|
||
|
}
|
||
|
if ( addrcmp( (void *) &(rp->ip), (void *) c, af ) == 0 ) {
|
||
|
- sprintf(tempstring,"Resolver: Reverse authentication failed: %s != ",
|
||
|
+ snprintf(tempstring, sizeof(tempstring), "Resolver: Reverse authentication failed: %s != ",
|
||
|
strlongip( &(rp->ip) ));
|
||
|
addrcpy( (void *) &alignedip, (void *) c, af );
|
||
|
strcat(tempstring,strlongip( &alignedip ));
|
||
|
@@ -1138,7 +1138,7 @@
|
||
|
res_hostipmismatch++;
|
||
|
failrp(rp);
|
||
|
} else {
|
||
|
- sprintf(tempstring,"Resolver: Reverse authentication complete: %s == \"%s\".",
|
||
|
+ snprintf(tempstring, sizeof(tempstring), "Resolver: Reverse authentication complete: %s == \"%s\".",
|
||
|
strlongip( &(rp->ip) ),nonull(rp->hostname));
|
||
|
restell(tempstring);
|
||
|
res_reversesuccess++;
|
||
|
@@ -1155,7 +1155,7 @@
|
||
|
return;
|
||
|
}
|
||
|
if (debug) {
|
||
|
- sprintf(tempstring,"Resolver: Answered domain: \"%s\"",namestring);
|
||
|
+ snprintf(tempstring, sizeof(tempstring), "Resolver: Answered domain: \"%s\"",namestring);
|
||
|
restell(tempstring);
|
||
|
}
|
||
|
if (r > HostnameLength) {
|
||
|
@@ -1180,14 +1180,14 @@
|
||
|
}
|
||
|
break;
|
||
|
default:
|
||
|
- sprintf(tempstring,"Resolver error: Received unimplemented data type: %u (%s)",
|
||
|
+ snprintf(tempstring, sizeof(tempstring), "Resolver error: Received unimplemented data type: %u (%s)",
|
||
|
datatype,datatype < ResourcetypeCount ?
|
||
|
resourcetypes[datatype] : resourcetypes[ResourcetypeCount]);
|
||
|
restell(tempstring);
|
||
|
}
|
||
|
} else {
|
||
|
if (debug) {
|
||
|
- sprintf(tempstring,"Resolver: Ignoring resource type %u. (%s)",
|
||
|
+ snprintf(tempstring, sizeof(tempstring), "Resolver: Ignoring resource type %u. (%s)",
|
||
|
datatype,datatype < ResourcetypeCount ?
|
||
|
resourcetypes[datatype] : resourcetypes[ResourcetypeCount]);
|
||
|
restell(tempstring);
|
||
|
@@ -1205,7 +1205,7 @@
|
||
|
failrp(rp);
|
||
|
break;
|
||
|
default:
|
||
|
- sprintf(tempstring,"Resolver: Received error response %u. (%s)",
|
||
|
+ snprintf(tempstring, sizeof(tempstring), "Resolver: Received error response %u. (%s)",
|
||
|
getheader_rcode(hp),getheader_rcode(hp) < ResponsecodeCount ?
|
||
|
responsecodes[getheader_rcode(hp)] : responsecodes[ResponsecodeCount]);
|
||
|
restell(tempstring);
|
||
|
@@ -1236,13 +1236,13 @@
|
||
|
(void *) &(from4->sin_addr), AF_INET ) == 0 )
|
||
|
break;
|
||
|
if (i == _res.nscount) {
|
||
|
- sprintf(tempstring,"Resolver error: Received reply from unknown source: %s",
|
||
|
+ snprintf(tempstring, sizeof(tempstring), "Resolver error: Received reply from unknown source: %s",
|
||
|
inet_ntoa(from4->sin_addr ));
|
||
|
restell(tempstring);
|
||
|
} else
|
||
|
parserespacket((byte *)resrecvbuf,r);
|
||
|
} else {
|
||
|
- sprintf(tempstring,"Resolver: Socket error: %s",strerror(errno));
|
||
|
+ snprintf(tempstring, sizeof(tempstring), "Resolver: Socket error: %s",strerror(errno));
|
||
|
restell(tempstring);
|
||
|
}
|
||
|
}
|
||
|
@@ -1271,7 +1271,7 @@
|
||
|
case STATE_FINISHED: /* TTL has expired */
|
||
|
case STATE_FAILED: /* Fake TTL has expired */
|
||
|
if (debug) {
|
||
|
- sprintf(tempstring,"Resolver: Cache record for \"%s\" (%s) has expired. (state: %u) Marked for expire at: %g, time: %g.",
|
||
|
+ snprintf(tempstring, sizeof(tempstring), "Resolver: Cache record for \"%s\" (%s) has expired. (state: %u) Marked for expire at: %g, time: %g.",
|
||
|
nonull(rp->hostname), strlongip( &(rp->ip) ),
|
||
|
rp->state, rp->expiretime, sweeptime);
|
||
|
restell(tempstring);
|
||
|
@@ -1315,14 +1315,14 @@
|
||
|
if ((rp->state == STATE_FINISHED) || (rp->state == STATE_FAILED)) {
|
||
|
if ((rp->state == STATE_FINISHED) && (rp->hostname)) {
|
||
|
if (debug) {
|
||
|
- sprintf(tempstring,"Resolver: Used cached record: %s == \"%s\".\n",
|
||
|
+ snprintf(tempstring, sizeof(tempstring), "Resolver: Used cached record: %s == \"%s\".\n",
|
||
|
strlongip(ip),rp->hostname);
|
||
|
restell(tempstring);
|
||
|
}
|
||
|
return rp->hostname;
|
||
|
} else {
|
||
|
if (debug) {
|
||
|
- sprintf(tempstring,"Resolver: Used failed record: %s == ???\n",
|
||
|
+ snprintf(tempstring, sizeof(tempstring), "Resolver: Used failed record: %s == ???\n",
|
||
|
strlongip(ip));
|
||
|
restell(tempstring);
|
||
|
}
|