I've encountered a segmentation fault in the 'whois' utility using BusyBox 1.28.4 (the default Alpine Linux 3.8) as packaged, _and_ as built from source with defconfig on the same system.

This issue only appears to occur for .IO domains (out of .COM, .NET, .ORG, .EDU; others untested), and happens about 50% of the time (repeated querying is likely to reveal it).

Quite simply, the buffer 'linebuf' declared here [1] overflows, and musl's '__stack_chk_fail' correctly faults. On a glibc-based system, I have not been able to reproduce the fault; however, the overflow still occurs.

As the offending offset is _just_ beyond the end (50-60 bytes) of the buffer, increasing its size to 1200 or 2048 prevents the crash. Is there an "ideal" size that could be used, or should the mechanism be rewritten to reallocate as needed? Using a fixed buffer seems dangerous when the response size varies...

Also, while stepping through this briefly, I noticed that every string received is converted fully to lowercase [2], often unnecessarily, as only the first handful of characters are compared (see 'is_prefixed_with' a few lines later). Why not use the 'strncmp' function instead, and remove the 'str_tolower'?

Zach van Rijn

[1]: https://git.busybox.net/busybox/tree/networking/whois.c?h=1_28_4#n42
[2]: https://git.busybox.net/busybox/tree/networking/whois.c?h=1_28_4#n64
[3]: https://git.busybox.net/busybox/tree/libbb/compare_string_array.c?h=1_28_4#n14
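
The "reallocate as needed" option raised in the message above, as an added example that is not part of the original post and is not BusyBox code: a line reader whose buffer grows with the reply but stops at a hard cap, since the server's response is untrusted. The names `read_line_dyn` and `demo`, the 64 KiB `MAX_LINE` cap and the padded input line are all assumptions constructed for this sketch.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAX_LINE (64 * 1024) /* assumed cap: the server's reply is untrusted */

/* Read one line of any length into a heap buffer that grows on demand.
 * Returns it without CR/LF (caller frees); NULL on EOF, error or over-cap. */
static char *read_line_dyn(FILE *fp)
{
    size_t cap = 128, len = 0;
    char *tmp, *buf = malloc(cap);
    while (buf && fgets(buf + len, (int)(cap - len), fp)) {
        len += strlen(buf + len);
        if (len > 0 && buf[len - 1] == '\n')
            break;                      /* complete line received */
        if (len + 1 == cap) {           /* buffer full, no newline yet */
            tmp = cap < MAX_LINE ? realloc(buf, cap * 2) : NULL;
            if (!tmp)
                goto fail;              /* over the cap or out of memory */
            buf = tmp;
            cap *= 2;
        }
    }
    if (buf && len > 0 && !ferror(fp)) {
        buf[strcspn(buf, "\r\n")] = '\0';
        return buf;
    }
fail:
    free(buf);
    return NULL;
}

/* Constructed reply: one line of n spaces plus CRLF, written to a temp file.
 * Returns the length read back, or 0 if the line was rejected. */
static size_t demo(size_t n)
{
    FILE *fp = tmpfile();
    size_t got;
    char *line;
    if (!fp)
        return 0;
    fprintf(fp, "%*s\r\n", (int)n, "");
    rewind(fp);
    line = read_line_dyn(fp);
    got = line ? strlen(line) : 0;
    free(line);
    fclose(fp);
    return got;
}
```

A line a little longer than 1024 bytes is read back intact, while one that reaches `MAX_LINE` is rejected rather than growing the buffer without bound.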
