Path: utzoo!mnetor!tmsoft!torsqnt!news-server.csri.toronto.edu!cs.utexas.edu!swrinde!zaphod.mps.ohio-state.edu!wuarchive!udel!princeton!phoenix.Princeton.EDU!subbarao
From: subbarao@phoenix.Princeton.EDU (Kartik Subbarao)
Newsgroups: comp.unix.internals
Subject: Re: segmentation fault with long host names
Message-ID: <4895@idunno.Princeton.EDU>
Date: 21 Dec 90 01:39:39 GMT
References: <1990Dec20.203518.24899@cs.widener.edu>
Sender: news@idunno.Princeton.EDU
Lines: 61

In article <1990Dec20.203518.24899@cs.widener.edu> brendan@cs.widener.edu (Brendan Kehoe) writes:
>
> Howdy .. I just came across something strange. I'd like to verify it before
> letting Sun know about it (in case it's a site-specific problem, rather
> than a system problem).
> Whenever I try to do any operation on the name
>   kfps-roble6-dynamic.stanford.edu
> with ping, telnet, ftp, etc, I get "Segmentation fault".

Hmm - I tried this too and the same thing happened. (I'm also running on
a Sun, but at least it's not site-specific.)

> But this also happens with other things .. dig bitches about a
> truncated answer & says "connection refused"; host sits there staring.
> Only nslookup has ever been able to deal with it.
> I'd say it's being snagged by MAXHOSTNAMELEN, but that doesn't make
> sense; foo.bar.baz.mix.me.a.good.drink is dealable -- only when one
> particular part of a FQDN is really long does it die.
> Whatcha think?

I thought it was something similar to that too (i.e. MAXHOSTNAMELEN). So
to find out, I compiled telnet with symbols and gdb'd the sucker.

As it turns out, the segmentation fault occurs in bcopy(), which is
called by memcpy(). The memcpy in the telnet code goes like this:

	memcpy((caddr_t)&sin.sin_addr, host->h_addr_list[0], host->h_length);

The segfault comes from h_addr_list pointing to some illegitimate place.
(So when you dereference the pointer via h_addr_list[0], boom!)

And how did it get to be pointing there, you might ask? Amazing place.
gethostbyname().

	host = gethostbyname(hostp)

is called, with hostp being "kfps-roble6-dynamic.stanford.edu".
gethostbyname here returns a struct hostent * which has really confused
fields in it. They simply don't make sense. I wish I had symbols for
wherever that source is. It would be nice to find out why. But I suspect
that it has something to do with the length of the name.

If you used the specific example "foo.bar.baz.mix.me.a.good.drink", then
things go okay (well, it doesn't segfault) because gethostbyname returns
NULL on that name, and telnet can tell the errors.

And since gethostbyname() is used universally in telnet, ftp, etc., they
all segfault.

Okay, someone who has the source to all this -- Why is gethostbyname
returning bad things?

	-Kartik

--
internet# ls -alR | grep *.c
subbarao@{phoenix or gauguin}.Princeton.EDU -|Internet
kartik@silvertone.Princeton.EDU (NeXT mail) -|
SUBBARAO@PUCC.BITNET - Bitnet
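The crash above is the unchecked memcpy from host->h_addr_list[0] with host->h_length. The following is an added example, not code from the post or from the telnet source: a caller-side check of the struct hostent before the copy, exercised against constructed hostent values (the address 10.1.2.3, the NULL list and the oversized h_length are all made up to mimic the confused fields the post describes).

```c
#include <string.h>
#include <netdb.h>
#include <netinet/in.h>
#include <sys/socket.h>

/* Returns 1 and fills *out if h looks like a sane AF_INET answer, else 0.
 * Every check here is an assumption of this example, not from the post. */
int copy_first_inet_addr(const struct hostent *h, struct in_addr *out)
{
    if (h == NULL)                                  /* lookup failed */
        return 0;
    if (h->h_addrtype != AF_INET)                   /* only IPv4 here */
        return 0;
    if (h->h_length != (int)sizeof(struct in_addr)) /* bogus length */
        return 0;
    if (h->h_addr_list == NULL || h->h_addr_list[0] == NULL)
        return 0;                                   /* nothing to copy */
    memcpy(out, h->h_addr_list[0], sizeof(struct in_addr));
    return 1;
}

/* Constructed stand-ins for resolver output; 10.1.2.3 is made up. */
static char sample_addr[4] = { 10, 1, 2, 3 };
static char *good_list[] = { sample_addr, NULL };

static void fill(struct hostent *h, int len, char **list)
{
    memset(h, 0, sizeof *h);
    h->h_addrtype = AF_INET;
    h->h_length = len;
    h->h_addr_list = list;
}

int demo_good(struct in_addr *out)          /* normal answer */
{
    struct hostent h; fill(&h, 4, good_list);
    return copy_first_inet_addr(&h, out);
}

int demo_null_list(struct in_addr *out)     /* confused hostent, NULL list */
{
    struct hostent h; fill(&h, 4, NULL);
    return copy_first_inet_addr(&h, out);
}

int demo_bad_length(struct in_addr *out)    /* h_length would over-read */
{
    struct hostent h; fill(&h, 4096, good_list);
    return copy_first_inet_addr(&h, out);
}
```

With the check in place the two malformed answers are reported as failures instead of faulting inside bcopy().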