On Wed, 17 Sep 1997, T. William Wells wrote:
> 1) exim believes gethostbyaddr. Nonetheless, it is entirely
> possible to spoof one's reverse address records.
That is why it is best to do your host blocking, etc. by IP number, or
by non-wild name, which is then looked up with a forward lookup.
For an entirely different reason I had decided that gethostbyaddr would
have to be changed. The reason is that you can't distinguish between
"unknown address" and "DNS lookup timed out". I will have to change to
doing an explicit DNS lookup, I suppose.
> 2) exim copies, using strcpy, the results of gethostbyaddr,
> in at least one place. An immediate attack method is to
> create a long HELO line and a tailored DNS record to
> create overruns.
I can't find this code. There is only one call to gethostbyaddr() in
exim (well, some different versions for IPv4 and IPv6), and afterwards,
the code (version 1.71) reads
    /* Copy and lowercase the name */
    s = (char *)hosts->h_name;
    t = yield = store_malloc((int)strlen(s) + 1);
    while (*s != 0) *t++ = tolower(*s++);
    *t = 0;
    DEBUG(2) debug_printf("host_find_by_addr yields %s\n", yield);
    return yield;
Please give more detail as to where you found this strcpy(). Thanks.
Philip
--
Philip Hazel University Computing Service,
ph10@??? New Museums Site, Cambridge CB2 3QG,
P.Hazel@??? England. Phone: +44 1223 334714
--
* This is sent by the exim-users mailing list. To unsubscribe send a
mail with subject "unsubscribe" to exim-users-request@???
* Exim information can be found at http://www.exim.org/
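The check Philip recommends above, blocking by IP or by a non-wildcard name that is then confirmed with a forward lookup, as an added illustration. This is example code written for this page, not exim's own code; the PTR and A "zones", the trusted and blocked hosts, and the function names are all constructed for the demonstration, and the lookups consult those tables rather than a real resolver. It shows why believing gethostbyaddr alone is weak: the owner of 198.51.100.7 controls the reverse zone for that address and can publish any PTR name, so a PTR-only check trusts the spoofed name, while the forward-confirmed check rejects it because the name's A record does not point back at the connecting address. The lowercase copy is bounded, as a caller-supplied-buffer variant of the loop quoted in the message.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for the DNS (no real resolver calls): PTR records
 * (address -> name) and A records (name -> address). Whoever owns an address
 * block controls its in-addr.arpa zone, so the PTR for 198.51.100.7 below is
 * a spoof claiming the name of a host the attacker does not own. */
struct ptr_rec { const char *ip; const char *name; };
struct a_rec   { const char *name; const char *ip; };

static const struct ptr_rec ptr_zone[] = {
    {"192.0.2.10",   "Mail.Example.COM"},   /* genuine, mixed case as returned */
    {"198.51.100.7", "mail.example.com"},   /* spoofed PTR record */
    {"203.0.113.5",  "relay.example.net"},
};
static const struct a_rec a_zone[] = {
    {"mail.example.com",  "192.0.2.10"},
    {"relay.example.net", "203.0.113.5"},
    {"relay.example.net", "203.0.113.6"},
};

/* Policy (constructed): hosts trusted by exact name, addresses blocked outright. */
static const char *trusted_names[] = { "mail.example.com" };
static const char *blocked_ips[]   = { "203.0.113.5" };

#define COUNT(a) (sizeof(a) / sizeof((a)[0]))

/* Reverse lookup: the PTR name for ip, or NULL if there is none. */
static const char *reverse_lookup(const char *ip)
{
    for (size_t i = 0; i < COUNT(ptr_zone); i++)
        if (strcmp(ptr_zone[i].ip, ip) == 0) return ptr_zone[i].name;
    return NULL;
}

/* Forward lookup: does this exact name have an A record for ip? */
static int forward_has_ip(const char *name, const char *ip)
{
    for (size_t i = 0; i < COUNT(a_zone); i++)
        if (strcmp(a_zone[i].name, name) == 0 && strcmp(a_zone[i].ip, ip) == 0)
            return 1;
    return 0;
}

/* Copy and lowercase a name into a bounded buffer. Returns 0 when the name
 * does not fit, so an oversized name is rejected rather than overrun. */
static int lower_copy(char *dst, size_t dstlen, const char *src)
{
    size_t n = strlen(src);
    if (n + 1 > dstlen) return 0;
    for (size_t i = 0; i < n; i++) dst[i] = (char)tolower((unsigned char)src[i]);
    dst[n] = 0;
    return 1;
}

static int name_is_trusted(const char *name)
{
    for (size_t i = 0; i < COUNT(trusted_names); i++)
        if (strcmp(trusted_names[i], name) == 0) return 1;
    return 0;
}

/* Blocking by IP number needs no DNS at all and cannot be spoofed via PTR. */
int blocked_by_ip(const char *ip)
{
    for (size_t i = 0; i < COUNT(blocked_ips); i++)
        if (strcmp(blocked_ips[i], ip) == 0) return 1;
    return 0;
}

/* The weak check: believe whatever the reverse lookup says. */
int ptr_only_trusted(const char *ip)
{
    char name[256];
    const char *ptr = reverse_lookup(ip);
    return ptr != NULL && lower_copy(name, sizeof name, ptr) && name_is_trusted(name);
}

/* Forward-confirmed check: the PTR name counts only if a forward lookup of
 * that exact (non-wildcard) name yields the connecting address again. */
int fcrdns_name(const char *ip, char *name, size_t namelen)
{
    const char *ptr = reverse_lookup(ip);
    if (ptr == NULL || !lower_copy(name, namelen, ptr)) return 0;
    return forward_has_ip(name, ip);
}

int fcrdns_trusted(const char *ip)
{
    char name[256];
    return fcrdns_name(ip, name, sizeof name) && name_is_trusted(name);
}

/* Is the confirmed, lowercased name for ip equal to expected? */
int fcrdns_name_is(const char *ip, const char *expected)
{
    char name[256];
    return fcrdns_name(ip, name, sizeof name) && strcmp(name, expected) == 0;
}

int main(void)
{
    const char *probes[] = { "192.0.2.10", "198.51.100.7", "203.0.113.5", "203.0.113.6" };
    for (size_t i = 0; i < COUNT(probes); i++)
        printf("%-14s blocked=%d ptr_only=%d fcrdns=%d\n", probes[i],
               blocked_by_ip(probes[i]), ptr_only_trusted(probes[i]), fcrdns_trusted(probes[i]));
    return 0;
}
```

Swapping the two table lookups for real reverse and forward DNS queries gives the same decision logic; note that with real DNS a timeout should be treated as "not confirmed" rather than as "no such host", which is the distinction the message says gethostbyaddr does not let you make.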