[HN Gopher] nginx: 1-byte memory overwrite vulnerability in DNS ...
       ___________________________________________________________________
        
       nginx: 1-byte memory overwrite vulnerability in DNS resolver
       (CVE-2021-23017)
        
       Author : luismerino
       Score  : 26 points
       Date   : 2021-05-25 16:28 UTC (6 hours ago)
        
 (HTM) web link (x41-dsec.de)
 (TXT) w3m dump (x41-dsec.de)
        
       | zibzab wrote:
       | The DNS protocol is just a landmine even for the most experienced
       | developers. Just look at those recursive name fields!
       | 
       | I think it's time we come up with something better.
        
         | inshadows wrote:
         | Like what? Are you going to split the world into two
         | incompatible protocols because of little things like field
         | names?
        
           | zibzab wrote:
           | Like a DNSv2 with a more sane encoding scheme.
           | 
           | Given how slowly DNSSEC is being adopted, maybe if we hurry our
           | children can enjoy DNSv2.
        
       | geofft wrote:
       | The Phrack "vudo" writeup from 2001 was about getting arbitrary
       | code execution given a one-byte out-of-bounds heap write that
       | replaced something with a NUL byte and immediately set it back.
       | 
       | http://phrack.org/issues/57/8.html
        
       | superkuh wrote:
       | The patch described on the vulnerability page worked 1-to-1 in
       | two nginx versions I fixed. But in nginx 1.20 in
       | ./src/core/ngx_resolver.c the second replacement does not match
       | the existing if (len == -1){contents} and I had to remove some
       | extra bits manually, based on what seemed right.
        
       ___________________________________________________________________
       (page generated 2021-05-25 23:01 UTC)