[Dnsmasq-discuss] Segfault with DNSSEC

Simon Kelley simon at thekelleys.org.uk
Thu Mar 27 22:08:10 UTC 2014


On 27/03/14 21:32, simon at simongoodall.co.uk wrote:
> On Fri, Mar 21, 2014 at 11:16:42AM +0000, Simon Kelley wrote:
>> On 20/03/14 22:25, simon at simongoodall.co.uk wrote:
>>> Hi,
>>>
>>> I'm getting a segfault running dnsmasq with dnssec enabled.
>>>
>>> Logs show the following;
>>>
>>> dnsmasq[10172]: query[AAAA] www.ncbi.nlm.nih.gov from 192.168.1.4
>>> dnsmasq[10172]: forwarded www.ncbi.nlm.nih.gov to 8.8.8.8
>>> dnsmasq[10172]: forwarded www.ncbi.nlm.nih.gov to 8.8.8.4
>>> dnsmasq[10172]: forwarded www.ncbi.nlm.nih.gov to 2001:4860:4860::8888
>>> dnsmasq[10172]: forwarded www.ncbi.nlm.nih.gov to 2001:4860:4860::8844
>>> dnsmasq[10172]: dnssec-query[DNSKEY] ncbi.nlm.nih.gov to 8.8.8.8
>>> dnsmasq[10172]: query[A] www.ncbi.nlm.nih.gov from 192.168.1.4
>>> dnsmasq[10172]: forwarded www.ncbi.nlm.nih.gov to 8.8.8.8
>>> dnsmasq[10172]: query[AAAA] www.ncbi.nlm.nih.gov from 192.168.1.4
>>> dnsmasq[10172]: dnssec retry to 0.0.0.0
>>>
>>> and running in gdb yields;
>>>
>>> #0  0x00024e44 in forward_query (udpfd=8, udpaddr=0xbefff7c0, dst_addr=0xbefff7ac, 
>>>     dst_iface=2, header=0x71de8, plen=45, now=1395350397, forward=0x84430, ad_reqd=0, 
>>>     do_bit=0) at forward.c:294
>>> #1  0x0002790c in receive_query (listen=0x74768, now=1395350397) at forward.c:1280
>>> #2  0x000313a0 in check_dns_listeners (set=0xbefff8b8, now=1395350397) at dnsmasq.c:1436
>>> #3  0x0002fc1c in main (argc=4, argv=0xbefffcf4) at dnsmasq.c:951
>>> (gdb) 
>>>
>>> (gdb) print forward
>>> $1 = (struct frec *) 0x84430
>>> (gdb) print forward->rfd6
>>> $2 = (struct randfd *) 0x0
>>> (gdb) 
>>>
>>> I am running version from git -  v2.69test11.9.g0c8584e  on an arch linux arm box. I am regularly seeing a segfault when browsing this site, although not for every query.
>>>
>>
>> Many thanks. I've found, I think, the problem and pushed a fix for it to
>> git.
>>
>> http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=2b29191e7c6dcfd262997bdaf7bc8c6d539efa87
>>
>> Please could you see if that improves things?
>>
>>
>> Cheers,
>>
>>
>>
>> Simon.
> 
> Got another segfault today. I didn't get a stacktrace this time, but the retry to now prints an ipv6 address rather than 0.0.0.0. 
> Looking at your change, it doesn't look to me like it stops the null dereference of rfd6 in fd = forward->rfd6->fd.
> 

Bah, you're right. I was seduced by the obvious bug and didn't look
beyond it. A second fix in the git repo now, which should solve things.

The sequence of events to trigger the bug is

Query sent to mixture of IPv4 and IPv6 upstream servers. First reply
from a server with different IPv4/IPv6 type than _last_ server query was
sent to. Extra query needed to get DNSSEC data, and that query times out
and needs retrying.

Not a frequent set of coincidences, obviously.


Cheers,
Simon.
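
The crash reported above, as an added example that is not part of the original thread and is not dnsmasq's own code: a simplified C model of picking the retry socket by the upstream server's address family. `struct frec_model` and both `retry_fd_*` functions are hypothetical names, and the record holding only an IPv4 socket is an assumed, constructed state that reproduces the NULL `rfd6` seen in gdb.

```c
/* Added illustration: simplified model, NOT dnsmasq source. */
#include <stddef.h>
#include <stdio.h>
#include <sys/socket.h>          /* AF_INET, AF_INET6 */

struct randfd { int fd; };

/* Hypothetical stand-in for a forwarding record: one optional
   outgoing socket per address family, either of which may be NULL. */
struct frec_model {
  struct randfd *rfd4;           /* NULL if no IPv4 socket is held */
  struct randfd *rfd6;           /* NULL if no IPv6 socket is held */
};

/* Unguarded lookup: same shape as the crashing expression
   fd = forward->rfd6->fd. Undefined behaviour (a segfault in
   practice) when the pointer for the chosen family is NULL. */
int retry_fd_unguarded(const struct frec_model *f, int family)
{
  return family == AF_INET6 ? f->rfd6->fd : f->rfd4->fd;
}

/* Guarded lookup: returns -1 when the record has no socket for the
   family of the retry target, so the caller can obtain a socket or
   drop the retry instead of dereferencing NULL. */
int retry_fd_guarded(const struct frec_model *f, int family)
{
  const struct randfd *r;

  if (f == NULL)
    return -1;
  if (family == AF_INET6)
    r = f->rfd6;
  else if (family == AF_INET)
    r = f->rfd4;
  else
    return -1;                   /* unknown family: refuse */
  return r ? r->fd : -1;
}

int main(void)
{
  struct randfd v4 = { 8 };              /* constructed sample value */
  struct frec_model rec = { &v4, NULL }; /* IPv4 socket only */

  /* Retry aimed at an IPv6 upstream while only rfd4 is present. */
  printf("IPv4 retry fd: %d\n", retry_fd_guarded(&rec, AF_INET));
  printf("IPv6 retry fd: %d\n", retry_fd_guarded(&rec, AF_INET6));
  return 0;
}
```
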




