On Thu, 05 Nov 2015 23:08:07 +0100, Alexander Bluhm wrote: > Hi, > > I had sendmail crashes because of invalid pointers in _res.dnsrch. > I have 4 nameservers in /etc/resolv.conf, the last one is IPv6. > > /usr/include/resolv.h: > #define MAXNS 3 /* max # name servers we'll track */ > struct __res_state { > ... > struct sockaddr_in > nsaddr_list[MAXNS]; /* address of name server */ > unsigned short id; /* current message id */ > char *dnsrch[MAXDNSRCH+1]; /* components of domain to search */ > > After calling res_init(3), _res.dnsrch contained part of the IPv6 > nameserver address as pointer. The reason is a missing overflow > check when filling _res.nsaddr_list. > > The sendmail crashes started when I updated and recomiled my libc > today. I have no idea, why this bug did not appear before.
For anyone wondering, this only affects programs (like sendmail) that use the bind resolver internals directly. OK millert@ - todd