Bug #46806 for bind9-public: dig crash on malformed domain name argument

Fri, 08 Dec 2017 10:14:40 -0500 Tony Finch <dot@dotat.at> - Ticket created

Subject:	dig crash on malformed domain name argument
CC:	"Tony Finch" <dot@dotat.at>
To:	bind9-bugs@isc.org
From:	"Tony Finch" <dot@dotat.at>
Date:	Fri, 8 Dec 2017 15:14:32 +0000

$ dig +dnssec nsec \\0.se. dig: '\0.se.' is not a legal name (bad escape) name.c:1414: REQUIRE((__builtin_expect(!!((name) != ((void *)0)), 1) && __builtin_expect(!!(((const isc__magic_t *)(name))->magic == ((('D') << 24 | ('N') << 16 | ('S') << 8 | ('n')))), 1))) failed, back trace #0 0x558c30cd7067 in __do_global_dtors_aux_fini_array_entry()+0x558c308178e7 #1 0x558c30cd6fba in __do_global_dtors_aux_fini_array_entry()+0x558c3081783a #2 0x558c30b6b33a in __do_global_dtors_aux_fini_array_entry()+0x558c306abbba #3 0x558c30b6cdae in __do_global_dtors_aux_fini_array_entry()+0x558c306ad62e #4 0x558c30b474a4 in __do_global_dtors_aux_fini_array_entry()+0x558c30687d24 #5 0x558c30b49402 in __do_global_dtors_aux_fini_array_entry()+0x558c30689c82 #6 0x558c30b4d016 in __do_global_dtors_aux_fini_array_entry()+0x558c3068d896 #7 0x558c30cfa827 in __do_global_dtors_aux_fini_array_entry()+0x558c3083b0a7 #8 0x7fe65e3b5064 in __do_global_dtors_aux_fini_array_entry()+0x7fe65def58e4 #9 0x7fe65dd8362d in __do_global_dtors_aux_fini_array_entry()+0x7fe65d8c3ead Aborted Tony. -- f.anthony.n.finch <dot@dotat.at> http://dotat.at/ - I xn--zr8h punycode Thames: Northwest 6 to gale 8. Rough or very rough. Wintry showers. Mainly good.

Fri, 08 Dec 2017 10:26:22 -0500 Tony Finch <dot@dotat.at> - Correspondence added

CC:	"Tony Finch" <dot@dotat.at>, "Ray Bellis" <ray@isc.org>
Date:	Fri, 8 Dec 2017 15:25:59 +0000
From:	"Tony Finch" <dot@dotat.at>
To:	"BIND9 Bugs via RT" <bind9-confidential@isc.org>
Subject:	Re: [ISC-Bugs #46806] AutoReply: dig crash on malformed domain name argument

Looks like this was introduced by the iOS port in commit 8993ecd06a which changed a fatal() to a warn() which then blunders into dns_name_format() with an invalid name. Tony. -- f.anthony.n.finch <dot@dotat.at> http://dotat.at/ - I xn--zr8h punycode North Fitzroy, Sole: Northerly or northeasterly becoming cyclonic later, 5 to 7, perhaps gale 8 later. Rough or very rough. Occasional rain. Good, occasionally poor.

Fri, 08 Dec 2017 10:26:22 -0500 The RT System itself - Status changed from 'new' to 'open'

Sun, 10 Dec 2017 18:09:02 -0500 Mark Andrews <marka@isc.org> - Correspondence added

Date:	Mon, 11 Dec 2017 10:08:54 +1100
Subject:	Re: [ISC-Bugs #46806] dig crash on malformed domain name argument
To:	bind9-confidential@isc.org
From:	"Mark Andrews" <marka@isc.org>

diff --git a/bin/dig/dighost.c b/bin/dig/dighost.c index dd562f376a..ac2db2a020 100644 --- a/bin/dig/dighost.c +++ b/bin/dig/dighost.c @@ -2203,6 +2203,8 @@ setup_lookup(dig_lookup_t *lookup) { #if TARGET_OS_IPHONE check_next_lookup(current_lookup); return (ISC_FALSE); +#else + digexit(); #endif } } > On 9 Dec 2017, at 2:14 am, Tony Finch via RT <bind9-confidential@isc.org> wrote: > > > Fri Dec 08 15:14:40 2017: Request 46806 was acted upon. > Transaction: Ticket created by dot@dotat.at > Queue: bind9-confidential > Subject: dig crash on malformed domain name argument > Owner: Nobody > Requestors: dot@dotat.at > Status: new > Ticket <URL: https://bugs.isc.org/Ticket/Display.html?id=46806 > > ----------------------------------------------------------------------- > > > $ dig +dnssec nsec \\0.se. > dig: '\0.se.' is not a legal name (bad escape) > name.c:1414: REQUIRE((__builtin_expect(!!((name) != ((void *)0)), 1) && __builtin_expect(!!(((const isc__magic_t *)(name))->magic == ((('D') << 24 | ('N') << 16 | ('S') << 8 | ('n')))), 1))) failed, back trace > #0 0x558c30cd7067 in __do_global_dtors_aux_fini_array_entry()+0x558c308178e7 > #1 0x558c30cd6fba in __do_global_dtors_aux_fini_array_entry()+0x558c3081783a > #2 0x558c30b6b33a in __do_global_dtors_aux_fini_array_entry()+0x558c306abbba > #3 0x558c30b6cdae in __do_global_dtors_aux_fini_array_entry()+0x558c306ad62e > #4 0x558c30b474a4 in __do_global_dtors_aux_fini_array_entry()+0x558c30687d24 > #5 0x558c30b49402 in __do_global_dtors_aux_fini_array_entry()+0x558c30689c82 > #6 0x558c30b4d016 in __do_global_dtors_aux_fini_array_entry()+0x558c3068d896 > #7 0x558c30cfa827 in __do_global_dtors_aux_fini_array_entry()+0x558c3083b0a7 > #8 0x7fe65e3b5064 in __do_global_dtors_aux_fini_array_entry()+0x7fe65def58e4 > #9 0x7fe65dd8362d in __do_global_dtors_aux_fini_array_entry()+0x7fe65d8c3ead > Aborted > > Tony. > -- > f.anthony.n.finch <dot@dotat.at> http://dotat.at/ - I xn--zr8h punycode > Thames: Northwest 6 to gale 8. Rough or very rough. Wintry showers. Mainly > good. > > -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: marka@isc.org

Sun, 10 Dec 2017 18:10:07 -0500 Mark Andrews <marka@isc.org> - Severity S2 Normal added

Sun, 10 Dec 2017 18:10:07 -0500 Mark Andrews <marka@isc.org> - Priority P2 Normal added

Sun, 10 Dec 2017 18:10:07 -0500 Mark Andrews <marka@isc.org> - Area bug added

Sun, 10 Dec 2017 18:10:08 -0500 Mark Andrews <marka@isc.org> - Status changed from 'open' to 'review'

Sun, 10 Dec 2017 18:10:08 -0500 Mark Andrews <marka@isc.org> - Queue changed from #6 to bind9-public

Mon, 11 Dec 2017 21:45:03 -0500 Mark Andrews <marka@isc.org> - Version Fixed 9.12.? added

Mon, 11 Dec 2017 21:45:04 -0500 Mark Andrews <marka@isc.org> - Correspondence added

4845. [bug] Dig (non iOS) should exit on malformed names. [RT #46806]

Mon, 11 Dec 2017 21:45:07 -0500 Mark Andrews <marka@isc.org> - Status changed from 'review' to 'resolved'

Created:	Fri, 08 Dec 2017 10:14:40 -0500
Updated:	Mon, 11 Dec 2017 21:45:07 -0500
Closed:	Mon, 11 Dec 2017 21:45:07 -0500

Bug #46806 for bind9-public: dig crash on malformed domain name argument

This bug tracker is no longer active.