aports/main/busybox/0011-nslookup-sanitize-all-printed-strings-with-printable.patch

From 277ee1dcd0955ce10b8aad8b699659e622c22986 Mon Sep 17 00:00:00 2001
From: Ariadne Conill <ariadne@dereferenced.org>
Date: Sun, 3 Apr 2022 20:44:51 +0000
Subject: [PATCH] nslookup: sanitize all printed strings with printable_string
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Otherwise, terminal sequences can be injected, which enables various terminal injection
attacks from DNS results.

CVE: Pending
Upstream-Status: Pending
Signed-off-by: Ariadne Conill <ariadne@dereferenced.org>
---
 networking/nslookup.c | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/networking/nslookup.c b/networking/nslookup.c
index b67d354f7..79412477c 100644
--- a/networking/nslookup.c
+++ b/networking/nslookup.c
@@ -784,7 +784,7 @@ static NOINLINE int parse_reply(const unsigned char *msg, size_t len)
 				//printf("Unable to uncompress domain: %s\n", strerror(errno));
 				return -1;
 			}
-			printf(format, ns_rr_name(rr), dname);
+			printf(format, ns_rr_name(rr), printable_string(dname));
 			break;

 		case ns_t_mx:
@@ -799,7 +799,7 @@ static NOINLINE int parse_reply(const unsigned char *msg, size_t len)
 				//printf("Cannot uncompress MX domain: %s\n", strerror(errno));
 				return -1;
 			}
-			printf("%s\tmail exchanger = %d %s\n", ns_rr_name(rr), n, dname);
+			printf("%s\tmail exchanger = %d %s\n", ns_rr_name(rr), n, printable_string(dname));
 			break;

 		case ns_t_txt:
@@ -811,7 +811,7 @@ static NOINLINE int parse_reply(const unsigned char *msg, size_t len)
 			if (n > 0) {
 				memset(dname, 0, sizeof(dname));
 				memcpy(dname, ns_rr_rdata(rr) + 1, n);
-				printf("%s\ttext = \"%s\"\n", ns_rr_name(rr), dname);
+				printf("%s\ttext = \"%s\"\n", ns_rr_name(rr), printable_string(dname));
 			}
 			break;

@@ -831,7 +831,7 @@ static NOINLINE int parse_reply(const unsigned char *msg, size_t len)
 			}

 			printf("%s\tservice = %u %u %u %s\n", ns_rr_name(rr),
-				ns_get16(cp), ns_get16(cp + 2), ns_get16(cp + 4), dname);
+				ns_get16(cp), ns_get16(cp + 2), ns_get16(cp + 4), printable_string(dname));
 			break;

 		case ns_t_soa:
@@ -860,7 +860,7 @@ static NOINLINE int parse_reply(const unsigned char *msg, size_t len)
 				return -1;
 			}

-			printf("\tmail addr = %s\n", dname);
+			printf("\tmail addr = %s\n", printable_string(dname));
 			cp += n;

 			printf("\tserial = %lu\n", ns_get32(cp));
No results found.