1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
|
From 2365aa9b62dd703cd279b94ede25ebb274cfe723 Mon Sep 17 00:00:00 2001
From: Ariadne Conill <ariadne@dereferenced.org>
Date: Sun, 3 Apr 2022 20:44:51 +0000
Subject: [PATCH] nslookup: sanitize all printed strings with printable_string
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Otherwise, terminal sequences can be injected, which enables various terminal injection
attacks from DNS results.
CVE: Pending
Upstream-Status: Pending
Signed-off-by: Ariadne Conill <ariadne@dereferenced.org>
---
networking/nslookup.c | 10 +++++-----
1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/networking/nslookup.c b/networking/nslookup.c
index 6da97baf4..4bdcde1b8 100644
--- a/networking/nslookup.c
+++ b/networking/nslookup.c
@@ -407,7 +407,7 @@ static NOINLINE int parse_reply(const unsigned char *msg, size_t len)
//printf("Unable to uncompress domain: %s\n", strerror(errno));
return -1;
}
- printf(format, ns_rr_name(rr), dname);
+ printf(format, ns_rr_name(rr), printable_string(dname));
break;
case ns_t_mx:
@@ -422,7 +422,7 @@ static NOINLINE int parse_reply(const unsigned char *msg, size_t len)
//printf("Cannot uncompress MX domain: %s\n", strerror(errno));
return -1;
}
- printf("%s\tmail exchanger = %d %s\n", ns_rr_name(rr), n, dname);
+ printf("%s\tmail exchanger = %d %s\n", ns_rr_name(rr), n, printable_string(dname));
break;
case ns_t_txt:
@@ -434,7 +434,7 @@ static NOINLINE int parse_reply(const unsigned char *msg, size_t len)
if (n > 0) {
memset(dname, 0, sizeof(dname));
memcpy(dname, ns_rr_rdata(rr) + 1, n);
- printf("%s\ttext = \"%s\"\n", ns_rr_name(rr), dname);
+ printf("%s\ttext = \"%s\"\n", ns_rr_name(rr), printable_string(dname));
}
break;
@@ -454,7 +454,7 @@ static NOINLINE int parse_reply(const unsigned char *msg, size_t len)
}
printf("%s\tservice = %u %u %u %s\n", ns_rr_name(rr),
- ns_get16(cp), ns_get16(cp + 2), ns_get16(cp + 4), dname);
+ ns_get16(cp), ns_get16(cp + 2), ns_get16(cp + 4), printable_string(dname));
break;
case ns_t_soa:
@@ -483,7 +483,7 @@ static NOINLINE int parse_reply(const unsigned char *msg, size_t len)
return -1;
}
- printf("\tmail addr = %s\n", dname);
+ printf("\tmail addr = %s\n", printable_string(dname));
cp += n;
printf("\tserial = %lu\n", ns_get32(cp));
|
