Dangerous strcpy

Glynn Clements glynn at gclements.plus.com
Thu Jun 22 15:25:35 EDT 2006


Vladimir G. Ivanovic wrote:

> P.S. I was going to comment that it's unlikely but possible for the host
> name length (is that the entire hostname+domainname or just the
> hostname-domainname?) to be more than 255 characters in length.

For DNS resolution, the h_name field will typically contain the FQDN.

This isn't guaranteed to be less than either HOST_NAME_MAX or
sysconf(_SC_HOST_NAME_MAX); those refer to hostnames returned from
gethostname(), not the gethostby* functions.

RFC 1035 limits a DNS domain name to 255 bytes, but that only applies
to DNS lookups. On systems which have an NSS facility (e.g. GNU libc),
gethostbyname() is delegated to a configurable set of plug-in
libraries, so any limits will depend upon how hostname resolution has
been configured.

IMHO, the most practical solution would be to treat a name longer than
255 characters the same way as a failed lookup. Nobody is likely to
use a hostname longer than 255 characters for any purpose /other/ than
to exploit a buffer overrun, so you don't need such lookups to
actually work. However, you probably shouldn't abort() on them.

-- 
Glynn Clements <glynn at gclements.plus.com>
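
An added example, not part of the original message and not XEmacs code: one way to apply the suggestion above, rejecting an h_name longer than 255 bytes on the same path as a failed lookup instead of copying it with strcpy() or calling abort(). The names copy_canonical_name, lookup_canonical_name and MAX_CANON_NAME are hypothetical, and the long name in main() is constructed sample input.

```c
#include <netdb.h>
#include <stdio.h>
#include <string.h>

#define MAX_CANON_NAME 255   /* cutoff proposed in the message; macro name is hypothetical */

/* Copy he->h_name into dst. Returns 0 on success, -1 when the lookup failed
 * or the name exceeds the cutoff or the buffer. Never truncates or aborts. */
int copy_canonical_name(const struct hostent *he, char *dst, size_t dstsize)
{
    size_t len;

    if (dst == NULL || dstsize == 0)
        return -1;
    dst[0] = '\0';                       /* callers always see a valid string */
    if (he == NULL || he->h_name == NULL)
        return -1;                       /* ordinary failed lookup */

    len = strlen(he->h_name);
    if (len > MAX_CANON_NAME || len >= dstsize)
        return -1;                       /* over-long name: same path as failure */

    memcpy(dst, he->h_name, len + 1);    /* length already checked, copies the NUL */
    return 0;
}

/* Resolve host and store its canonical name; goes through NSS as usual. */
int lookup_canonical_name(const char *host, char *dst, size_t dstsize)
{
    return copy_canonical_name(gethostbyname(host), dst, dstsize);
}

int main(void)
{
    char longname[301], out[MAX_CANON_NAME + 1];
    struct hostent he;

    /* Constructed sample: a 300-byte name such as an NSS plug-in could return. */
    memset(longname, 'a', sizeof longname - 1);
    longname[sizeof longname - 1] = '\0';
    memset(&he, 0, sizeof he);
    he.h_name = longname;

    printf("300-byte name: %d\n", copy_canonical_name(&he, out, sizeof out));
    longname[MAX_CANON_NAME] = '\0';     /* shorten to exactly 255 bytes */
    printf("255-byte name: %d\n", copy_canonical_name(&he, out, sizeof out));
    return 0;
}
```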



