coolaj86/dns-suite.js
1
0
Derivar 0
Código Questões 1 Pedidos de integração 1 Lançamentos Trabalho

tried commenting out some code from befferconsumer to trace down more of the problem

Ver a proveniência
Este cometimento está contido em:
Daplie 2017-01-14 10:08:07 -07:00
ascendente 3353d096ae
cometimento fc6aee5ddc
3 ficheiros modificados com 39 adições e 12 eliminações
Mostrar estatísticas Descarregar ficheiro patch Descarregar ficheiro diff Expandir todos os ficheiros Colapsar todos os ficheiros

31
howto.md
Ver ficheiro

@ -15,7 +15,7 @@ How to duplicate DNS crash:
Then in another terminal enter: Then in another terminal enter:
``` ```
dig @224.0.0.251 -p 5353 -t PTR _cloud._tcp.local >> dig @224.0.0.251 -p 5353 -t PTR _cloud._tcp.local
``` ```
The listener then crashes with an output of: The listener then crashes with an output of:
@ -39,11 +39,38 @@ Error: Buffer overflow
at Object.module.exports.respond (/home/daplie/dns_test/cloud-respond.js:10:11) at Object.module.exports.respond (/home/daplie/dns_test/cloud-respond.js:10:11)
``` ```
After commenting out lines 45-53 in dns_test/node_modules/dns-js/lib/bufferconsumer.js
and rerunning the previous commands, the result is a new error:
```
START DNS PACKET
buffer.js:829
throw new RangeError('Index out of range');
^
RangeError: Index out of range
at checkOffset (buffer.js:829:11)
at Buffer.readUInt8 (buffer.js:867:5)
at BufferConsumer.byte (/home/daplie/dns_test/node_modules/dns-js/lib/bufferconsumer.js:67:22)
at BufferConsumer.name (/home/daplie/dns_test/node_modules/dns-js/lib/bufferconsumer.js:120:14)
at Function.DNSRecord.parse (/home/daplie/dns_test/node_modules/dns-js/lib/dnsrecord.js:187:14)
at /home/daplie/dns_test/node_modules/dns-js/lib/dnspacket.js:164:30
at Array.forEach (native)
at Function.DNSPacket.parse (/home/daplie/dns_test/node_modules/dns-js/lib/dnspacket.js:159:17)
at /home/daplie/dns_test/cloud-respond.js:86:31
at Array.forEach (native)
```
which is located in the node.js buffer module. The API is [here](https://nodejs.org/api/buffer.html).
When can a Buffer overflow problem occur in js?
How to print out hex values of the DNS message? What are the possible problems?
How to print out hex values of the DNS message in node.js?
```javascript ```javascript
socket.on('message', function (message, rinfo) { socket.on('message', function (message, rinfo) {

2
listen.js
Ver ficheiro

@ -15,7 +15,7 @@ socket.on('message', function (message, rinfo) {
console.log('Received %d bytes from %s:%d\n', console.log('Received %d bytes from %s:%d\n',
message.length, rinfo.address, rinfo.port); message.length, rinfo.address, rinfo.port);
//console.log(msg.toString('utf8')); //console.log(msg.toString('utf8'));
buf.forEach parseInt(byte.toString('hex'), 16).toString(2); message.forEach(parseInt(byte.toString('hex'), 16).toString(2));
console.log(message.toString('hex')); console.log(message.toString('hex'));
var packets; var packets;

18
node_modules/dns-js/lib/bufferconsumer.js gerado externo
Ver ficheiro

@ -42,15 +42,15 @@ BufferConsumer.prototype.slice = function (length) {
return v; return v;
} }
else { else {
if ((this._offset + length) > this.length) { // if ((this._offset + length) > this.length) {
debug('Buffer owerflow. Slice beyond buffer.', { // debug('Buffer owerflow. Slice beyond buffer.', {
offset: this._offset, // offset: this._offset,
length: length, // length: length,
bufferLength: this.length // bufferLength: this.length
}); // });
debug('so far', this); // debug('so far', this);
throw new Error('Buffer overflow'); // throw new Error('Buffer overflow');
} // }
v = this.buffer.slice(this._offset, this._offset + length); v = this.buffer.slice(this._offset, this._offset + length);
this._offset += length; this._offset += length;
return v; return v;