Date: Wed, 3 May 2000 17:32:26 -0500
From: THE INFAMOUS <[email protected]>
To: [email protected]Subject: Fwd: tcpdump workaround against dnsloop exploit.
---------- Forwarded Message ----------
Subject: tcpdump workaround against dnsloop exploit.
Date: 04 May 2000 00:32:22 +0200
From: [email protected]
Hi,
Here is my patch to tcpdump against the dnsloop exploit...
I have really no knowledge of the dns internal at all,
so this is probably not ( and this is not ) the good way of preventing this.
However, it work against this attack,
but i hope it doesn't break anything for the printing of compressed
domain name.
Please remember, this is only a workaround
and might break the printing of compressed domain name in tcpdump.
--- print-domain.orig Wed May 3 23:33:13 2000
+++ print-domain.c Thu May 4 00:22:05 2000
@@ -150,6 +150,7 @@
{
register u_int i;
register const u_char *rp;
+ register const u_char *old = NULL;
register int compress;
i = *cp++;
@@ -162,8 +163,17 @@
if (i != 0)
while (i && cp < snapend) {
if ((i & INDIR_MASK) == INDIR_MASK) {
- cp = bp + (((i << 8) | *cp) & 0x3fff);
- i = *cp++;
+ cp = bp + (((i << 8) | *cp) & 0x3fff);
+
+ /*
+ * If we got two time the same data ptr,
+ * this mean we are looping.
+ */
+ if ( cp == old)
+ return NULL;
+ old = cp;
+
+ i = *cp++;
continue;
}
if (fn_printn(cp, i, snapend))
--
-- Yoann http://www.mandrakesoft.com/~yoann/
It is well known that M$ product don't make a free() after a malloc(),
the unix community wish them good luck for their future developement.
-------------------------------------------------------
--
Bryan
Microsoft - Bringing you yesterdays technology today and breaking it along
the way...
