This is the mail archive of the glibc-bugs@sourceware.org mailing list for the glibc project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

[Bug network/18784] res_query and related function crash for special record type queries (CVE-2015-5180)


https://sourceware.org/bugzilla/show_bug.cgi?id=18784

--- Comment #2 from Florian Weimer <fweimer at redhat dot com> ---
(In reply to Andreas Schwab from comment #1)
> FreeBSD has a similar in-band signaling, but uses T_ANY (255) for it.

T_ANY is a completely valid QTYPE and supported by libresolv for diagnostic
purposes, it's not possible hijack it to do two queries at the same time.  I do
not see code which actually sends such queries.  The response processing code
in FreeBSD's getaddrinfo special-cases T_ANY responses, but that's it.

In case anyone gets ideas from this: You cannot use QTYPE=ANY in any useful way
to perform combined A and AAAA requests in a single query.  Some caching
resolvers will not forward QTYPE=ANY queries and return whatever they currently
have in cache.  This means that absence of addresses in the response does not
tell us anything at all, and additional queries are need (possibly taking the
total up to 3).  Furthermore, some DNS implementations (both recursive
resolvers and authoritative servers) refuse to answer to QTYPE=ANY queries.

-- 
You are receiving this mail because:
You are on the CC list for the bug.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]