Skip Menu |

This queue is for tickets about the Net-DNS CPAN distribution.

Report information
The Basics
Id: 5090
Status: resolved
Priority: 0/
Queue: Net-DNS
People
Owner: rt-cpan [...] triv.org
Requestors: caelum [...] debian.org
Cc:
AdminCc:
Bug Information
Severity: Important
Broken in: 0.45
Fixed in: (no value)

History Show all quoted text
  Wed Jan 28 13:32:42 2004 Guest - Ticket created
Subject: Insecure Dependency in Net::DNS with Cygwin
Somehow Net::DNS is failing a UDP query, then is trying to send out a TCP query with tainted data under Cygwin. Debug output and backtrace attached. Tried with CPAN version and development snapshot of Net::DNS. Also reported here: http://www.cygwin.com/ml/cygwin/2004-01/msg01280.html The script that generates this error is: ------------------------ #!/usr/bin/perl -T use strict; use warnings; use Net::DNS; use Carp; $SIG{__DIE__} = sub { confess @_ }; my $res = Net::DNS::Resolver->new(debug => 1); my @mx = mx($res, "customoffers.com"); ------------------------ Operating System: Cygwin 1.5.7+ (CVS snapshot), Windows XP Pro My perl -V output: Summary of my perl5 (revision 5.0 version 8 subversion 2) configuration: Platform: osname=cygwin, osvers=1.5.5(0.9432), archname=cygwin-thread-multi-64int uname='cygwin_nt-5.0 troubardix 1.5.5(0.9432) 2003-09-20 16:31 i686 unknown unknown cygwin ' config_args='-de -Dmksymlinks -Duse64bitint -Dusethreads -Doptimize=-O2 -Dman3ext=3pm' hint=recommended, useposix=true, d_sigaction=define usethreads=define use5005threads=undef useithreads=define usemultiplicity=define useperlio=define d_sfio=undef uselargefiles=define usesocks=undef use64bitint=define use64bitall=undef uselongdouble=undef usemymalloc=y, bincompat5005=undef Compiler: cc='gcc', ccflags ='-DPERL_USE_SAFE_PUTENV -fno-strict-aliasing', optimize='-O2', cppflags='-DPERL_USE_SAFE_PUTENV -fno-strict-aliasing' ccversion='', gccversion='3.3.1 (cygming special)', gccosandvers='' intsize=4, longsize=4, ptrsize=4, doublesize=8, byteorder=12345678 d_longlong=define, longlongsize=8, d_longdbl=define, longdblsize=12 ivtype='long long', ivsize=8, nvtype='double', nvsize=8, Off_t='off_t', lseeksize=8 alignbytes=8, prototype=define Linker and Libraries: ld='ld2', ldflags =' -s -L/usr/local/lib' libpth=/usr/local/lib /usr/lib /lib libs=-lgdbm -ldb -lcrypt -lgdbm_compat perllibs=-lcrypt -lgdbm_compat libc=/usr/lib/libc.a, so=dll, useshrplib=true, libperl=libperl.a gnulibc_version='' Dynamic Linking: dlsrc=dl_dlopen.xs, dlext=dll, d_dlsymun=undef, ccdlflags=' -s' cccdlflags=' ', lddlflags=' -s -L/usr/local/lib' Characteristics of this binary (from libperl): Compile-time options: MULTIPLICITY USE_ITHREADS USE_64_BIT_INT USE_LARGE_FILES PERL_IMPLICIT_CONTEXT Built under cygwin Compiled at Nov 7 2003 12:06:28 %ENV: PERLDOC_PAGER="less -isrRqX" CYGWIN="tty export glob ntsec winsymlinks check_case:strict server" @INC: /usr/lib/perl5/5.8.2/cygwin-thread-multi-64int /usr/lib/perl5/5.8.2 /usr/lib/perl5/site_perl/5.8.2/cygwin-thread-multi-64int /usr/lib/perl5/site_perl/5.8.2 /usr/lib/perl5/site_perl
;; query(customoffers.com, MX, IN) ;; send_udp(192.168.1.243:53) ;; send_udp(192.168.1.1:53) ;; answer from 192.168.1.1:53 : 507 bytes ;; HEADER SECTION ;; id = 4853 ;; qr = 1 opcode = QUERY aa = 0 tc = 1 rd = 1 ;; ra = 1 ad = 0 cd = 0 rcode = NOERROR ;; qdcount = 1 ancount = 23 nscount = 0 arcount = 0 ;; QUESTION SECTION (1 record) ;; customoffers.com. IN MX ;; ANSWER SECTION (23 records) customoffers.com. 38288 IN MX 110 om7.customoffers.com. customoffers.com. 38288 IN MX 120 om8.customoffers.com. customoffers.com. 38288 IN MX 130 om9.customoffers.com. customoffers.com. 38288 IN MX 140 om10.customoffers.com. customoffers.com. 38288 IN MX 150 om11.customoffers.com. customoffers.com. 38288 IN MX 160 om12.customoffers.com. customoffers.com. 38288 IN MX 170 om13.customoffers.com. customoffers.com. 38288 IN MX 180 om14.customoffers.com. customoffers.com. 38288 IN MX 190 om15.customoffers.com. customoffers.com. 38288 IN MX 200 om16.customoffers.com. customoffers.com. 38288 IN MX 210 om17.customoffers.com. customoffers.com. 38288 IN MX 10 mail.customoffers.com. customoffers.com. 38288 IN MX 11 contact.customoffers.com. customoffers.com. 38288 IN MX 20 oc1.customoffers.com. customoffers.com. 38288 IN MX 30 oc2.customoffers.com. customoffers.com. 38288 IN MX 40 oc3.customoffers.com. customoffers.com. 38288 IN MX 45 oc4.customoffers.com. customoffers.com. 38288 IN MX 46 oc5.customoffers.com. customoffers.com. 38288 IN MX 50 om1.customoffers.com. customoffers.com. 38288 IN MX 60 om2.customoffers.com. customoffers.com. 38288 IN MX 70 om3.customoffers.com. customoffers.com. 38288 IN MX 80 om4.customoffers.com. customoffers.com. 38288 IN MX 90 om5.customoffers.com. ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (0 records) ;; ;; packet truncated: retrying using TCP ;; send_tcp(192.168.1.243:53) (src port = 0) Insecure dependency in connect while running with -T switch at /usr/lib/perl5/5.8.2/cygwin-thread-multi-64int/IO/Socket.pm line 114. main::__ANON__('Insecure dependency in connect while running with -T switch a...') called at /usr/lib/perl5/5.8.2/cygwin-thread-multi-64int/IO/Socket.pm line 114 IO::Socket::connect('IO::Socket::INET=GLOB(0xa2b2be8)','\x{2}\x{0}\x{0}5\x{c0}\x{a8}\x{1}\x{f3}\x{0}\x{0}\x{0}\x{0}\x{0}\x{0}\x{0}\x{0}') called at /usr/lib/perl5/5.8.2/IO/Socket/INET.pm line 224 IO::Socket::INET::connect('IO::Socket::INET=GLOB(0xa2b2be8)','\x{2}\x{0}\x{0}5\x{c0}\x{a8}\x{1}\x{f3}\x{0}\x{0}\x{0}\x{0}\x{0}\x{0}\x{0}\x{0}') called at /usr/lib/perl5/5.8.2/IO/Socket/INET.pm line 199 IO::Socket::INET::configure('IO::Socket::INET=GLOB(0xa2b2be8)','HASH(0xa27699c)') called at /usr/lib/perl5/5.8.2/cygwin-thread-multi-64int/IO/Socket.pm line 48 IO::Socket::new('IO::Socket::INET','PeerAddr',192.168.1.243,'PeerPort',53,'LocalAddr',0.0.0.0,'LocalPort','undef',...) called at /usr/lib/perl5/5.8.2/IO/Socket/INET.pm line 32 IO::Socket::INET::new('IO::Socket::INET','PeerAddr',192.168.1.243,'PeerPort',53,'LocalAddr',0.0.0.0,'LocalPort','undef',...) called at /usr/lib/perl5/site_perl/5.8.2/cygwin-thread-multi-64int/Net/DNS/Resolver/Base.pm line 492 Net::DNS::Resolver::Base::send_tcp('Net::DNS::Resolver=HASH(0xa29f268)','Net::DNS::Packet=HASH(0xa1af28c)','\x{12}\x{f5}\x{1}\x{0}\x{0}\x{1}\x{0}\x{0}\x{0}\x{0}\x{0}\x{0}\x{c}customoffers\x{3}com\x{0}\x{0}\x{f}\x{0}\x{1}') called at /usr/lib/perl5/site_perl/5.8.2/cygwin-thread-multi-64int/Net/DNS/Resolver/Base.pm line 445 Net::DNS::Resolver::Base::send('Net::DNS::Resolver=HASH(0xa29f268)','Net::DNS::Packet=HASH(0xa1af28c)') called at /usr/lib/perl5/site_perl/5.8.2/cygwin-thread-multi-64int/Net/DNS/Resolver/Base.pm line 423 Net::DNS::Resolver::Base::query('Net::DNS::Resolver=HASH(0xa29f268)','customoffers.com','MX','IN') called at /usr/lib/perl5/site_perl/5.8.2/cygwin-thread-multi-64int/Net/DNS.pm line 299 Net::DNS::mx('Net::DNS::Resolver=HASH(0xa29f268)','customoffers.com') called at taintmode-mx-lookup.pl line 11
  Fri Feb 06 00:44:58 2004 rt-cpan [...] triv.org - Status changed from 'new' to 'resolved'
  Fri Feb 06 00:44:58 2004 rt-cpan [...] triv.org - Given to CREIN