search for: hostnamelen

...I. The usage of predictable IDs in queries and recursed queries allows for remote cache corruption. This allows malicious users to alter domain name server caches to change the addresses and hostnames of hosts on the internet. II. A failure to check whether hostname lengths exceed MAXHOSTNAMELEN in size. This results in potential buffer overflows in programs which expect the BIND resolver to only return a maximum hostname length of MAXHOSTNAMELEN. Problem I. The usage of predictable ID''s ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~...

In sshd.c: /* record remote hostname or ip */ u_int utmp_len = MAXHOSTNAMELEN; However, HOSTNAMELEN is almost certainly too long. Is there a reason not to use UT_HOSTSIZE instead, as below? Index: sshd.c =================================================================== --- sshd.c (revision 182719) +++ sshd.c (working copy) @@ -72,6 +72,7 @@ #include <std...

...chment 2434 --> https://bugzilla.mindrot.org/attachment.cgi?id=2434&action=edit patch I've tried to set set hostname on my linux box to 64 characters which is the maximum supported by Linux. This works fine but breaks ssh-keygen (and possibly other openssh tools) because Linux sets MAXHOSTNAMELEN to 64 which does not account for trailing zero. I've tested this on OEL 6.5 (2.6.32-431.3.1.el6 kernel) and openssh-5.3p1-94.el6.x86_64 OEL 6.5 (2.6.32-431.3.1.el6 kernel) and OpenSSH_6.6p1 Fedora 20 (3.15.0-rc2+ kernel) and openssh-6.4p1-3.fc20.x86_64 The above root cause seems like a inten...