Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm List-Subscribe: List-Archive: List-Post: List-Help: , Sender: cygwin-owner AT cygwin DOT com Mail-Followup-To: cygwin AT cygwin DOT com Delivered-To: mailing list cygwin AT cygwin DOT com Reply-To: From: "Rafael Kitover" To: , Subject: Insecure Dependency in Net::DNS with Cygwin (WAS: Cygwin, win98, SA, Perl IO::Socket (Insecure dependency)) Date: Wed, 28 Jan 2004 10:30:42 -0800 MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="----=_NextPart_000_0065_01C3E589.C85BDE50" In-Reply-To: <4013994D.FB5DD959@wecs.com> Message-Id: X-IsSubscribed: yes ------=_NextPart_000_0065_01C3E589.C85BDE50 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Here's some information about a bug with Net::DNS when running under taint mode, previously reported here: http://www.cygwin.com/ml/cygwin/2004-01/msg01062.html ------------------------ #!/usr/bin/perl -T use strict; use warnings; use Net::DNS; use Carp; $SIG{__DIE__} = sub { confess @_ }; my $res = Net::DNS::Resolver->new(debug => 1); my @mx = mx($res, "customoffers.com"); ------------------------ The $SIG{__DIE__} generates a backtrace, the debug output and backtrace are attached to this message. I've tried the above script both with the CPAN version of Net::DNS and this CVS snapshot: http://www.net-dns.org/snaps/2004/01/Net-DNS-2004-01-28.tar.gz It seems like Net::DNS is failing to get a packet it likes back from a UDP query (although the packet looks ok?) and then tries to send a TCP query using some data coming from the failed UDP query, or something along those lines... Sending a report through the form on http://www.net-dns.org/ as well. -- Rafael ------=_NextPart_000_0065_01C3E589.C85BDE50 Content-Type: text/plain; name="net-dns-out.txt" Content-Transfer-Encoding: quoted-printable Content-Disposition: attachment; filename="net-dns-out.txt" ;; query(customoffers.com, MX, IN) ;; send_udp(192.168.1.243:53) ;; send_udp(192.168.1.1:53) ;; answer from 192.168.1.1:53 : 507 bytes ;; HEADER SECTION ;; id =3D 4853 ;; qr =3D 1 opcode =3D QUERY aa =3D 0 tc =3D 1 rd =3D 1 ;; ra =3D 1 ad =3D 0 cd =3D 0 rcode =3D NOERROR ;; qdcount =3D 1 ancount =3D 23 nscount =3D 0 arcount =3D 0 ;; QUESTION SECTION (1 record) ;; customoffers.com. IN MX ;; ANSWER SECTION (23 records) customoffers.com. 38288 IN MX 110 om7.customoffers.com. customoffers.com. 38288 IN MX 120 om8.customoffers.com. customoffers.com. 38288 IN MX 130 om9.customoffers.com. customoffers.com. 38288 IN MX 140 om10.customoffers.com. customoffers.com. 38288 IN MX 150 om11.customoffers.com. customoffers.com. 38288 IN MX 160 om12.customoffers.com. customoffers.com. 38288 IN MX 170 om13.customoffers.com. customoffers.com. 38288 IN MX 180 om14.customoffers.com. customoffers.com. 38288 IN MX 190 om15.customoffers.com. customoffers.com. 38288 IN MX 200 om16.customoffers.com. customoffers.com. 38288 IN MX 210 om17.customoffers.com. customoffers.com. 38288 IN MX 10 mail.customoffers.com. customoffers.com. 38288 IN MX 11 contact.customoffers.com. customoffers.com. 38288 IN MX 20 oc1.customoffers.com. customoffers.com. 38288 IN MX 30 oc2.customoffers.com. customoffers.com. 38288 IN MX 40 oc3.customoffers.com. customoffers.com. 38288 IN MX 45 oc4.customoffers.com. customoffers.com. 38288 IN MX 46 oc5.customoffers.com. customoffers.com. 38288 IN MX 50 om1.customoffers.com. customoffers.com. 38288 IN MX 60 om2.customoffers.com. customoffers.com. 38288 IN MX 70 om3.customoffers.com. customoffers.com. 38288 IN MX 80 om4.customoffers.com. customoffers.com. 38288 IN MX 90 om5.customoffers.com. ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (0 records) ;; ;; packet truncated: retrying using TCP ;; send_tcp(192.168.1.243:53) (src port =3D 0) Insecure dependency in connect while running with -T switch at /usr/lib/per= l5/5.8.2/cygwin-thread-multi-64int/IO/Socket.pm line 114. main::__ANON__('Insecure dependency in connect while running with -T switc= h a...') called at /usr/lib/perl5/5.8.2/cygwin-thread-multi-64int/IO/Socket= .pm line 114 IO::Socket::connect('IO::Socket::INET=3DGLOB(0xa2b2be8)','\x{2}\x{0}\x{0}5= \x{c0}\x{a8}\x{1}\x{f3}\x{0}\x{0}\x{0}\x{0}\x{0}\x{0}\x{0}\x{0}') called at= /usr/lib/perl5/5.8.2/IO/Socket/INET.pm line 224 IO::Socket::INET::connect('IO::Socket::INET=3DGLOB(0xa2b2be8)','\x{2}\x{0}= \x{0}5\x{c0}\x{a8}\x{1}\x{f3}\x{0}\x{0}\x{0}\x{0}\x{0}\x{0}\x{0}\x{0}') cal= led at /usr/lib/perl5/5.8.2/IO/Socket/INET.pm line 199 IO::Socket::INET::configure('IO::Socket::INET=3DGLOB(0xa2b2be8)','HASH(0xa= 27699c)') called at /usr/lib/perl5/5.8.2/cygwin-thread-multi-64int/IO/Socke= t.pm line 48 IO::Socket::new('IO::Socket::INET','PeerAddr',192.168.1.243,'PeerPort',53,= 'LocalAddr',0.0.0.0,'LocalPort','undef',...) called at /usr/lib/perl5/5.8.2= /IO/Socket/INET.pm line 32 IO::Socket::INET::new('IO::Socket::INET','PeerAddr',192.168.1.243,'PeerPor= t',53,'LocalAddr',0.0.0.0,'LocalPort','undef',...) called at /usr/lib/perl5= /site_perl/5.8.2/cygwin-thread-multi-64int/Net/DNS/Resolver/Base.pm line 492 Net::DNS::Resolver::Base::send_tcp('Net::DNS::Resolver=3DHASH(0xa29f268)',= 'Net::DNS::Packet=3DHASH(0xa1af28c)','\x{12}\x{f5}\x{1}\x{0}\x{0}\x{1}\x{0}= \x{0}\x{0}\x{0}\x{0}\x{0}\x{c}customoffers\x{3}com\x{0}\x{0}\x{f}\x{0}\x{1}= ') called at /usr/lib/perl5/site_perl/5.8.2/cygwin-thread-multi-64int/Net/D= NS/Resolver/Base.pm line 445 Net::DNS::Resolver::Base::send('Net::DNS::Resolver=3DHASH(0xa29f268)','Net= ::DNS::Packet=3DHASH(0xa1af28c)') called at /usr/lib/perl5/site_perl/5.8.2/= cygwin-thread-multi-64int/Net/DNS/Resolver/Base.pm line 423 Net::DNS::Resolver::Base::query('Net::DNS::Resolver=3DHASH(0xa29f268)','cu= stomoffers.com','MX','IN') called at /usr/lib/perl5/site_perl/5.8.2/cygwin-= thread-multi-64int/Net/DNS.pm line 299 Net::DNS::mx('Net::DNS::Resolver=3DHASH(0xa29f268)','customoffers.com') ca= lled at taintmode-mx-lookup.pl line 11 ------=_NextPart_000_0065_01C3E589.C85BDE50 Content-Type: text/plain; charset=us-ascii -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Problem reports: http://cygwin.com/problems.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/ ------=_NextPart_000_0065_01C3E589.C85BDE50--