Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Thu, 18 May 2017 02:03:04 +0200
From: Robert Święcki <robert@...ecki.net>
To: Daniel Kahn Gillmor <dkg@...thhorseman.net>
Cc: oss-security@...ts.openwall.com, "Jason A. Donenfeld" <Jason@...c4.com>, 
	rxvt-unicode@...ts.schmorp.de, rxvt@...morp.de
Subject: Re: terminal emulators' processing of escape sequences

Hi Daniel,

2017-05-17 15:56 GMT+02:00 Daniel Kahn Gillmor <dkg@...thhorseman.net>:
>> Please consider the following example:
>>
>> $ tail -n1 /etc/hosts | xxd
>> 00000000: 3132 372e 302e 302e 3309 1b47 513b 205a  127.0.0.3..GQ; Z
>> 00000010: 5a5a 0a                                  ZZ.
>> $ ping ZZZ
>> PING ; (127.0.0.3) 56(84) bytes of data.
>> ^[G0
>> 64 bytes from ; (127.0.0.3): icmp_seq=1 ttl=64 time=0.039 ms
>> ^[G0
>> 64 bytes from ; (127.0.0.3): icmp_seq=2 ttl=64 time=0.032 ms
>> ^[G0
>> ^C
>> --- ; ping statistics ---
>> 2 packets transmitted, 2 received, 0% packet loss, time 1014ms
>> rtt min/avg/max/mdev = 0.032/0.035/0.039/0.006 ms
>> ^[G0
>> $ 0
>> bash: 0: command not found
>
> what version of ping are you using?  I was unable to replicate this with
> either the debian iputils-ping package version 3:20161105-1, or with
> debian inetutils-ping package version 2:1.9.4-2+b1.  neither of them seem to
> do a getnameinfo() at all if it is initially supplied with an IP
> address.

Works for me with the following:

Ubuntu 17.04's iputils-ping 3:20161105-1ubuntu2
Fedora 25's iputils-20161105-1.fc25.x86_64

> That said, with the same last line of /etc/hosts, getent is willing
> to pass along the garbage chars:
>
> 0 test@...t:~$ getent hosts 127.0.0.3
> 127.0.0.3       ; ZZZ
> ^[G0
> 0 test@...t:~$ 0
> bash: 0: command not found
> 127 test@...t:~$


-- 
Robert Święcki

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ