segmentation fault with long host names

Kartik Subbarao subbarao at phoenix.Princeton.EDU
Fri Dec 21 12:39:39 AEST 1990


In article <1990Dec20.203518.24899 at cs.widener.edu> brendan at cs.widener.edu (Brendan Kehoe) writes:
>
> Howdy .. I just came across something strange. I'd like to verify it before
>letting Sun know about it (in case it's a site-specific problem, rather
>than a system problem).
> Whenever I try to do any operation on the name
>	kfps-roble6-dynamic.stanford.edu
> with ping, telnet, ftp, etc, I get "Segmentation fault".

Hmm - I tried this too and the same thing happened. (I'm also running on a
Sun, but at least it's not site-specific.)

> But this also happens with other things .. dig bitches about a
>truncated answer & says "connection refused"; host sits there staring.
>Only nslookup has ever been able to deal with it.
> I'd say it's being snagged by MAXHOSTNAMELEN, but that doesn't make
>sense; foo.bar.baz.mix.me.a.good.drink is dealable -- only when one
>particular part of a FQDN is really long does it die.
> Whatcha think?
>

I thought it was something similar to that too (i.e. MAXHOSTNAMELEN). So to
find out, I compiled telnet with symbols and gdb'd the sucker. As it turns
out, the segmentation fault occurs in bcopy(), which is called by memcpy().

The memcpy() in the telnet code goes like this:

memcpy((caddr_t)&sin.sin_addr, host->h_addr_list[0], host->h_length);

The segfault comes from h_addr_list pointing to some illegitimate place.
(So when you dereference the pointer via h_addr_list[0], boom!)
And how did it get to be pointing there, you might ask? Amazing place.
gethostbyname().

host = gethostbyname(hostp) is called, with 
hostp being "kfps-roble6-dynamic.stanford.edu".

gethostbyname here returns a struct hostent * which has really confused fields
in it. They simply don't make sense. I wish I had symbols for wherever that
source is. It would be nice to find out why. But I suspect that it
has something to do with the length of the name. If you used the specific
example "foo.bar.baz.mix.me.a.good.drink", then things go okay (well, it
doesn't segfault) because gethostbyname returns NULL on that name, and
telnet can tell the errors.

And since gethostbyname() is used universally in telnet, ftp, etc. they all
segfault. Okay, someone who has the source to all this -- Why is gethostbyname
returning bad things?


			-Kartik





--
internet# ls -alR | grep *.c
subbarao@{phoenix or gauguin}.Princeton.EDU -|Internet
kartik at silvertone.Princeton.EDU (NeXT mail)       -|	
SUBBARAO at PUCC.BITNET			          - Bitnet
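A defensive version of the memcpy() line quoted in the post, added here as an example (not code from the thread or from the telnet source): it checks the struct hostent before copying, so a reply with confused fields is rejected instead of dereferenced. The function names, the two constructed hostent samples and the 192.0.2.10 address are assumptions made for the demo.

```c
#include <string.h>
#include <netdb.h>
#include <netinet/in.h>
#include <sys/socket.h>
#include <arpa/inet.h>

/* Copy the first address of `host` into `sin`, but only after checking
 * the fields the raw memcpy() trusted blindly. Returns 0 on success,
 * -1 if the hostent is NULL or inconsistent (the "confused fields" case). */
int hostent_to_sockaddr_in(const struct hostent *host, struct sockaddr_in *sin)
{
    if (host == NULL || sin == NULL) return -1;           /* lookup failed */
    if (host->h_addrtype != AF_INET) return -1;           /* not an IPv4 answer */
    if (host->h_length != (int)sizeof(struct in_addr)) return -1; /* bad length */
    if (host->h_addr_list == NULL || host->h_addr_list[0] == NULL)
        return -1;                                        /* nothing to dereference */
    memset(sin, 0, sizeof(*sin));
    sin->sin_family = AF_INET;
    memcpy(&sin->sin_addr, host->h_addr_list[0], sizeof(struct in_addr));
    return 0;
}

/* Constructed inputs (no real DNS lookup) so the check runs offline. */
static struct in_addr sample_addr;                        /* filled by demo_good() */
static char *sample_list[2] = { (char *)&sample_addr, NULL };

/* Well-formed hostent: returns the copied address in host byte order. */
unsigned long demo_good(void)
{
    struct hostent h = { 0 };
    struct sockaddr_in out;
    inet_pton(AF_INET, "192.0.2.10", &sample_addr);       /* documentation range */
    h.h_addrtype = AF_INET;
    h.h_length = sizeof(struct in_addr);
    h.h_addr_list = sample_list;
    if (hostent_to_sockaddr_in(&h, &out) != 0)
        return 0;
    return ntohl(out.sin_addr.s_addr);                    /* 0xC000020A */
}

/* Hostent with garbage fields like the post describes (NULL address list,
 * nonsense length): the check returns -1 instead of crashing in memcpy(). */
int demo_bad(void)
{
    struct hostent h = { 0 };
    struct sockaddr_in out;
    h.h_addrtype = AF_INET;
    h.h_length = 1234;
    h.h_addr_list = NULL;
    return hostent_to_sockaddr_in(&h, &out);
}
```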