Re: DNS name compression and Bonjour

Subject: Re: DNS name compression and Bonjour
From: Andrew White <email@hidden>
Date: Wed, 20 Sep 2006 12:06:48 +1000
Delivered-to: email@hidden
Delivered-to: email@hidden
User-agent: Thunderbird 1.5.0.7 (Macintosh/20060909)


Stuart, Marc,

After more investigation, I think the error is a mix of some faulty code and a bad assumption on my part.

The code I was using to decode the SRV target field is approximately identical to dns_rdata_to_name (nss_mdns.c:2559), where it is used to decode PTR RDATA into a single string.

For some reason which I cannot now recall, the code strips whitespace before processing the rdata, according to the following code:

	while (isspace (*rdata_curr))
	{
		rdata_curr ++;
		if (rdata_curr > rdata + rdlen)
		{
			return DNS_RDATA_TO_NAME_BAD_FORMAT;
		}
	}

Now, isspace returns TRUE for *rdata_curr in "\t\n\v\f\r ", which is (I think) values 9-13 or 32. Thus, an length byte in the range 9-13 or 32 will be discarded and the code begin parsing with the next value, which is quite likely meaningless. If this ascii value was greater than 63 the code would then fail with a pointer error! Otherwise, it is likely to fail with a format error.

Because the error was occurring on some embedded hardware that I didn't have direct access to (and thus couldn't line-by-line debug), I incorrectly assumed the parse failure was due to the compressed SRV records rather than the broken parsing code (which had previously worked due to being lucky enough not to get one of the 'broken' length values).

I'm a little surprised this error hasn't been noticed as mysterious failures when doing PTR lookups via nss_mdns. The fix is easy: delete lines 2565 to 2574 of nss_mdns.c (the above loop). Valid RDATA doesn't have leading whitespace.

Thanks for your time.

--
Andrew White

--------------------------------------------------------------------------
This email and any attachments may be confidential. They may contain legally
privileged information or copyright material. You should not read, copy,
use or disclose them without authorisation. If you are not an intended
recipient, please contact us at once by return email and then delete both
messages. We do not accept liability in connection with computer virus,
data corruption, delay, interruption, unauthorised access or unauthorised
amendment. This notice should not be removed.
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Bonjour-dev mailing list      (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden


Follow-Ups:

Re: DNS name compression and Bonjour
From: Marc Krochmal <email@hidden>


References:  
  >Re: DNS name compression and Bonjour (From: Stuart Cheshire <email@hidden>)




Prev by Date:
Re: Patch - Compilation error C2894 when compiling VPCDetect.cpp	with MSVS2005 (VC++ 8.0)

Next by Date:
compiling for m68k

Previous by thread:
Re: DNS name compression and Bonjour

Next by thread:
Re: DNS name compression and Bonjour

Index(es):

Date
Thread













  
   Home
   Archives
   Terms/Conditions
   Contact
   RSS
   Lists
   About
 






Visit the Apple Store online or at retail locations.

1-800-MY-APPLE
Contact Apple | Terms of Use | Privacy Policy
Copyright © 2011 Apple Inc. All rights reserved.

References:
	>Re: DNS name compression and Bonjour (From: Stuart Cheshire <email@hidden>)