Date: Thu, 18 May 2017 02:05:24 +0200 From: Robert Święcki <robert@...ecki.net> To: Daniel Kahn Gillmor <dkg@...thhorseman.net> Cc: oss-security@...ts.openwall.com, "Jason A. Donenfeld" <Jason@...c4.com>, rxvt-unicode@...ts.schmorp.de, rxvt@...morp.de Subject: Re: terminal emulators' processing of escape sequences Hi again, > 2017-05-17 15:56 GMT+02:00 Daniel Kahn Gillmor <dkg@...thhorseman.net>: >>> Please consider the following example: >>> >>> $ tail -n1 /etc/hosts | xxd >>> 00000000: 3132 372e 302e 302e 3309 1b47 513b 205a 127.0.0.3..GQ; Z >>> 00000010: 5a5a 0a ZZ. >>> $ ping ZZZ >>> PING ; (127.0.0.3) 56(84) bytes of data. >>> ^[G0 >>> 64 bytes from ; (127.0.0.3): icmp_seq=1 ttl=64 time=0.039 ms >>> ^[G0 >>> 64 bytes from ; (127.0.0.3): icmp_seq=2 ttl=64 time=0.032 ms >>> ^[G0 >>> ^C >>> --- ; ping statistics --- >>> 2 packets transmitted, 2 received, 0% packet loss, time 1014ms >>> rtt min/avg/max/mdev = 0.032/0.035/0.039/0.006 ms >>> ^[G0 >>> $ 0 >>> bash: 0: command not found >> >> what version of ping are you using? I was unable to replicate this with >> either the debian iputils-ping package version 3:20161105-1, or with >> debian inetutils-ping package version 2:1.9.4-2+b1. neither of them seem to >> do a getnameinfo() at all if it is initially supplied with an IP >> address. > > Works for me with the following: > > Ubuntu 17.04's iputils-ping 3:20161105-1ubuntu2 > Fedora 25's iputils-20161105-1.fc25.x86_64 I believe you should try with $ ping ZZZ With $ ping 127.0.0.3 it doesn't do reverse lookups at all (as you'd pointed out). -- Robert Święcki
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.