Report information
The Basics
Id:
42694
Status:
resolved
Priority:
Medium/Medium
Queue:

People
Owner:
Nobody in particular
Cc:
AdminCc:

BugTracker
Version Fixed:
9.9.9-S2,9.10.4-S2,9.9.10,9.9.10(sub),9.10.5,9.11.0,9.12.0
Version Found:
(no value)
Versions Affected:
(no value)
Versions Planned:
9.9.9-P2, 9.9.9-S3, 9.10.4-P2, 9.11.0-b2
Priority:
P1 High
Severity:
S1 High
CVSS Score:
7.8 (AV:N/AC:L/Au:N/C:N/I:N/A:C)
CVE ID:
CVE-2016-2775
Component:
BIND Server
Area:
bug

Dates
Created: Tue, 21 Jun 2016 08:48:20 -0400
Updated: Fri, 07 Jul 2017 19:31:52 -0400
Closed: Thu, 21 Jul 2016 13:33:34 -0400




CC: thozza@redhat.com
Subject: lwresd: segfault at start_lookup
Date: Tue, 21 Jun 2016 14:48:14 +0200
To: bind-bugs@isc.org
From: "Martin Sehnoutka" <msehnout@redhat.com>

Description of the problem:

lwresd segfaults in the start_lookup function under specific circumstances, particularly when a domain name combined with a search domain is too long (more than 254 characters).

Affected versions:

All versions of BIND 9 available from RHEL repositories seem to be affected, as well as the upstream version from the 'master' branch.

We investigated the problem and it seems that lwresd does not iterate over search domains and thus ends up in an infinite loop and eventually segfaults.

Steps to reproduce:

1. Create 'server' and 'client' scripts with this content:
client:

----
#!/usr/bin/python

from __future__ import print_function

from ctypes import *

# Call liblwres directly so the query is sent to the running lwresd.
lwres = CDLL("liblwres.so")
lwres.lwres_getrrsetbyname.argtypes = (c_char_p, c_int, c_int, c_int, c_void_p)

# Three 63-character labels plus a 61-character label: 253 characters,
# so appending the "a" search domain pushes the name past 254.
name = 3 * ("a" * 63 + ".") + "a" * 61
print("{0} ({1})".format(name, len(name)))
result = lwres.lwres_getrrsetbyname(name, 1, 1, 0, None)  # class IN, type A
print(result)
----

server:

----
#!/bin/bash

# -g: stay in the foreground and log to stderr; -d 100: maximum debug level;
# -c: read the configuration from the process substitution below.
lwresd -g -d 100 -c <(echo 'options { forwarders {  172.16.36.2; }; }; lwres { search { a; }; };')
----

You need to use an IP address of an actual recursive DNS server in the server script.
 
2. Run server script and wait until it settles, then run client in another terminal.

Expected result: Server should stay running. Client should print a non-zero error code.
Actual result: Server segfaults. Client hangs waiting for a response.

Proposed patch is attached.
-- 
Martin Sehnoutka
Associate Software Engineer
Brno, Purkyňova 99
RED HAT | TRIED. TESTED. TRUSTED.
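The failure mode the report describes, a search-list walk that must both advance through the list and enforce the name-length limit, shown as an added example that is neither the reporter's code nor lwresd's own (MAX_NAME_LEN, expand_search_list and build_report_name are assumptions made for this illustration):

```c
#include <stdio.h>
#include <string.h>

/* Length ceiling from the report ("more than 254 characters"); an assumed
 * constant for this example, not one taken from lwresd's source. */
#define MAX_NAME_LEN 254

/* Expand a relative `name` against each search suffix exactly once: the
 * loop index advances on every iteration so the walk always terminates, and
 * a candidate longer than MAX_NAME_LEN is skipped (counted in *rejected)
 * rather than passed on.  Returns the number of candidates written to out[]. */
size_t expand_search_list(const char *name, const char *const *search, size_t nsearch,
                          char out[][MAX_NAME_LEN + 1], size_t max_out, size_t *rejected)
{
    size_t name_len = strlen(name), n = 0;
    *rejected = 0;
    if (name_len > 0 && name[name_len - 1] == '.')
        return 0;                       /* absolute name: never expanded */
    for (size_t i = 0; i < nsearch && n < max_out; i++) {
        if (name_len + 1 + strlen(search[i]) > MAX_NAME_LEN) { /* name.suffix */
            (*rejected)++;
            continue;                   /* too long: skip it, keep walking */
        }
        snprintf(out[n++], MAX_NAME_LEN + 1, "%s.%s", name, search[i]);
    }
    return n;
}

/* Constructed input: the 253-character name from the report's client
 * script (three 63-character labels, then a 61-character label). */
void build_report_name(char *buf)
{
    size_t pos = 0;
    for (int label = 0; label < 3; label++, pos += 64) {
        memset(buf + pos, 'a', 63);
        buf[pos + 63] = '.';
    }
    memset(buf + pos, 'a', 61);
    buf[pos + 61] = '\0';
}

int main(void)
{
    char name[256], out[4][MAX_NAME_LEN + 1];
    const char *search[] = { "a" };     /* the search list from the report */
    size_t rejected, n;
    build_report_name(name);
    n = expand_search_list(name, search, 1, out, 4, &rejected);
    printf("%zu candidates, %zu rejected, name length %zu\n", n, rejected, strlen(name));
    return 0;
}
```

With the report's 253-character name and the search domain "a" the only candidate is 255 characters long, so it is rejected and the walk ends with zero lookups instead of looping.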


CVE now public. Updated tarballs and zips available. Thanks.