Re: Ray Cromwell: Another Netscape Bug (and possible security

mueller_scott (scott@LOC3.TANDEM.COM)
Fri, 22 Sep 1995 11:23:12 PDT

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Howard B Owen: "Re: Ray Cromwell: Another Netscape Bug (and possible security"
Previous message: Perry E. Metzger: "Ray Cromwell: Another Netscape Bug (and possible security hole)"

Perry writes:

>This bug may make it possible to execute arbitrary code on any
>Netscape browser on the net.

Ray Clark writes:

>As you can see, I just chose an extremely long domain name. I guessed
>that the authors of netscape probably thought something like "well,
>a buffer size of 256 characters is good enough to hold any domain"

Not that it entirely excuses Netscape, but RFC 1034 ("DOMAIN NAMES - CONCEPTS
AND FACILITIES") section 3.1 states:

To simplify implementations, the total number of octets that represent a
domain name (i.e., the sum of all label octets and label lengths) is
limited to 255.

[end excerpt]

They should handle exceptions gracefully.

--
Scott Hazen Mueller, Tandem Computers     +1 408 285 5762  scott@tandem.com
   Unix System/Network Administrator, Host-, Post-, News- and Web-Master

Next message: Howard B Owen: "Re: Ray Cromwell: Another Netscape Bug (and possible security"
Previous message: Perry E. Metzger: "Ray Cromwell: Another Netscape Bug (and possible security hole)"