Bug#702914: CVE-2013-1841 still unsolved?

Rob Brown bbb at cpan.org
Thu May 28 22:38:18 BST 2020


Oh, you're right! The code still appears to be bad to me.

Please provide a patch that performs a gethostbyname() on the
gethostbyaddr() to compare to ensure it matches the $addr before gleefully
bricking over {'peerhost'}.

On Thu, May 28, 2020 at 2:25 PM Petter Reinholdtsen <pere at hungry.com> wrote:

> [Rob Brown]
> > Is this Issue still open? Is it still a problem in the latest version?
> > Or can I close this RT Ticket now?
>
> The code in question seems to be this section from Net/Server.pm version
> 2.009:
>
>     if ($addr && defined $prop->{'reverse_lookups'}) {
>         if ($INC{'Socket6.pm'} && Socket6->can('getnameinfo')) {
>             my @res = Socket6::getnameinfo($addr, 0);
>             $prop->{'peerhost'} = $res[0] if @res > 1;
>         }else{
>             $prop->{'peerhost'} = gethostbyaddr($addr, AF_INET);
>         }
>     }
>
> As far as I can tell, it only does a reverse lookup without comparing it to
> the addresses returned by a lookup of the name returned by the reverse
> lookup, which seems to be the problem described in the CVE.
>
> In short, I believe the problem from 2013 still is unsolved in version
> 2.009, but I do not know the code and might have overlooked something.
>
> --
> Happy hacking
> Petter Reinholdtsen
>
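
The forward-confirmed reverse lookup discussed in this thread, as an added example that is not part of the original messages and is not Net::Server's own code. It is IPv4 only; the function name `confirmed_peerhost`, the `$rev`/`$fwd` resolver hooks and the zone data are hypothetical and constructed so the check runs offline.

```perl
use strict;
use warnings;
use Socket qw(AF_INET inet_aton inet_ntoa);

# Return the PTR name for $packed_addr only when a forward lookup of that
# name yields the same address; otherwise return undef so the caller keeps
# the IP address and never trusts an unconfirmed name.
# $rev and $fwd are hypothetical hooks; they default to the real resolver.
sub confirmed_peerhost {
    my ($packed_addr, $rev, $fwd) = @_;
    $rev ||= sub { scalar gethostbyaddr($_[0], AF_INET) };
    $fwd ||= sub { my @h = gethostbyname($_[0]); @h > 4 ? @h[4 .. $#h] : () };

    my $name = $rev->($packed_addr);
    return unless defined $name && length $name;
    for my $cand ($fwd->($name)) {
        return $name if $cand eq $packed_addr;   # forward record confirms PTR
    }
    return;                                      # PTR exists but is unconfirmed
}

# Constructed zone data (documentation address ranges, example.* names).
my %ptr_zone = (
    '192.0.2.10'  => 'mail.example.org',      # PTR and A record agree
    '203.0.113.7' => 'trusted.example.com',   # PTR set by the address owner
);
my %fwd_zone = (
    'mail.example.org'    => ['192.0.2.10'],
    'trusted.example.com' => ['198.51.100.1'],  # the name's A record points elsewhere
);
my $rev = sub { $ptr_zone{ inet_ntoa($_[0]) } };
my $fwd = sub { map { inet_aton($_) } @{ $fwd_zone{ $_[0] } || [] } };

for my $ip ('192.0.2.10', '203.0.113.7', '198.51.100.99') {
    my $host = confirmed_peerhost(inet_aton($ip), $rev, $fwd);
    printf "%-14s peerhost=%s\n", $ip,
        defined $host ? $host : '(unconfirmed, keep IP only)';
}
```

Only the first address gets a hostname; the second has a PTR record whose name resolves to a different address, and the third has no PTR record at all.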