From mboxrd@z Thu Jan  1 00:00:00 1970
X-Msuck: nntp://news.gmane.org/gmane.linux.lib.musl.general/7428
Path: news.gmane.org!not-for-mail
From: Laurent Bercot <ska-dietlibc@skarnet.org>
Newsgroups: gmane.linux.lib.musl.general
Subject: Re: Re: Security advisory for musl libc - stack-based buffer
 overflow in ipv6 literal parsing [CVE-2015-1817]
Date: Sat, 18 Apr 2015 23:02:24 +0200
Message-ID: <5532C660.7010807@skarnet.org>
References: <20150417172327.GB6817@brightrain.aerifal.cx> <20150417180325.GC6817@brightrain.aerifal.cx> <20150417180907.GA26856@openwall.com> <20150418133202.GG17615@ucc.gu.uwa.edu.au> <20150418152542.GG6817@brightrain.aerifal.cx> <55327D1F.5070807@gmx.de> <20150418155845.GH6817@brightrain.aerifal.cx> <55328604.4000705@gmx.de> <20150418163702.GI6817@brightrain.aerifal.cx> <55329EDE.8020204@address4me.eu> <20150418195649.GJ6817@brightrain.aerifal.cx>
Reply-To: musl@lists.openwall.com
NNTP-Posting-Host: plane.gmane.org
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 7bit
X-Trace: ger.gmane.org 1429390957 2377 80.91.229.3 (18 Apr 2015 21:02:37 GMT)
X-Complaints-To: usenet@ger.gmane.org
NNTP-Posting-Date: Sat, 18 Apr 2015 21:02:37 +0000 (UTC)
To: musl@lists.openwall.com
Original-X-From: musl-return-7441-gllmg-musl=m.gmane.org@lists.openwall.com Sat Apr 18 23:02:37 2015
Return-path: <musl-return-7441-gllmg-musl=m.gmane.org@lists.openwall.com>
Envelope-to: gllmg-musl@m.gmane.org
Original-Received: from mother.openwall.net ([195.42.179.200])
	by plane.gmane.org with smtp (Exim 4.69)
	(envelope-from <musl-return-7441-gllmg-musl=m.gmane.org@lists.openwall.com>)
	id 1YjZsq-0002XE-3C
	for gllmg-musl@m.gmane.org; Sat, 18 Apr 2015 23:02:36 +0200
Original-Received: (qmail 8128 invoked by uid 550); 18 Apr 2015 21:02:34 -0000
Mailing-List: contact musl-help@lists.openwall.com; run by ezmlm
Precedence: bulk
List-Post: <mailto:musl@lists.openwall.com>
List-Help: <mailto:musl-help@lists.openwall.com>
List-Unsubscribe: <mailto:musl-unsubscribe@lists.openwall.com>
List-Subscribe: <mailto:musl-subscribe@lists.openwall.com>
Original-Received: (qmail 8110 invoked from network); 18 Apr 2015 21:02:33 -0000
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; rv:31.0) Gecko/20100101 Thunderbird/31.6.0
In-Reply-To: <20150418195649.GJ6817@brightrain.aerifal.cx>
Xref: news.gmane.org gmane.linux.lib.musl.general:7428
Archived-At: <http://permalink.gmane.org/gmane.linux.lib.musl.general/7428>

On 18/04/2015 21:56, Rich Felker wrote:
> mail.aerifal.cx 74177   IN A    216.12.86.13
>
> I don't see any CNAMEs involved. Can you show me where the CNAME is
> coming from?

  There must be something poisoning caches somewhere, or you changed
something recently.
  Initially, here's what I had in my cache:

$ s6-dnsqr a mail.aerifal.cx
74 bytes, 1+2+0+0 records, response, rd, ra, noerror
query: 1 mail.aerifal.cx.
answer: mail.aerifal.cx. 76356 CNAME brightrain.aerifal.cx.
answer: brightrain.aerifal.cx. 76356 A 216.12.86.13

  Then I flushed my cache, and I got the correct result:

$ s6-dnsqr a mail.aerifal.cx
49 bytes, 1+1+0+0 records, response, rd, ra, noerror
query: 1 mail.aerifal.cx.
answer: mail.aerifal.cx. 86400 A 216.12.86.13

  I have no idea how the CNAME made it into my cache in the first
place. The .cx nameservers all correctly delegate without answering.
But since Harald saw the same thing as I did, I think it warrants
further investigation.

  (It's DNS, so it sucks. That's to be expected.)

-- 
  Laurent