[Dnsmasq-discuss] [PATCH] auth: Fix segfault when querying ptr locally on ip6.arpa auth-zone

Simon Kelley simon at thekelleys.org.uk
Sun Apr 12 21:41:01 BST 2015


On 10/04/15 23:51, Johnny S. Lee wrote:
> Just a quick fix on obvious calls with NULL pointer. Not sure if
> I'm doing it correctly. At least it won't crash anymore with my
> config:
> 
> auth-server=my.domain.tld,ethN 
> auth-zone=my.domain.tld,a.b.c.d/32,w:x:y:z::/64 
> auth-zone=z.0.0.0.y.0.0.0.x.0.0.0.w.0.0.0.ip6.arpa
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

This line is superfluous, and the direct cause of the problem you're
seeing. The w:x:y:z::/64 in the line above automatically makes

z.0.0.0.y.0.0.0.x.0.0.0.w.0.0.0.ip6.arpa

an authoritative zone, there's no need to declare it as such.

The crash is real, and needs to be fixed: the code fails to account
for someone configuring it like you did, because it's not how it
was intended to be configured, I guess. I've applied the patch, or
something like it. In the meantime, just deleting that line will make
dnsmasq, as released, not crash.


Thanks for the bug report.


Cheers,

Simon.



> 
> Debug against ad4a8ff7d9097008d7623df8543df435bfddeac8, when
> running the following on a machine in local network: dig ptr
> 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.z.0.0.0.y.0.0.0.x.0.0.0.w.0.0.0.ip6.arpa
>
> (note: I have a host record of that address in a hosts file)
>
> Program received signal SIGSEGV, Segmentation fault.
> in_zone (zone=0x0, name=0x456008 "my.domain.tld", cut=0x0) at auth.c:60
> 60 size_t domainlen = strlen(zone->domain);
> in auth.c
> (gdb) backtrace
> #0  in_zone (zone=0x0, name=0x456008 "my.domain.tld", cut=0x0) at auth.c:60
> #1  0x00438784 in answer_auth (header=0x459000, limit=0x45a000 "", qlen=90, now=1428682071, peer_addr=0x7fff6840, local_query=1) at auth.c:220
> #2  0x00417778 in receive_query (listen=0x458878, now=1428682071) at forward.c:1339
> #3  0x0041bf38 in check_dns_listeners (set=0x7fff69fc, now=1428682071) at dnsmasq.c:1547
> #4  0x0041f240 in main (argc=<optimized out>, argv=<optimized out>) at dnsmasq.c:1031
> ---
> src/auth.c | 5 +++--
> 1 file changed, 3 insertions(+), 2 deletions(-)
> 
> diff --git a/src/auth.c b/src/auth.c index 15721e5..ccfdc19 100644 
> --- a/src/auth.c +++ b/src/auth.c @@ -186,7 +186,7 @@ size_t
> answer_auth(struct dns_header *header, char *limit, size_t qlen,
> time_t n
> 
> if (intr) { -          if (in_zone(zone, intr->name, NULL)) +
> if (local_query || in_zone(zone, intr->name, NULL)) { found = 1; 
> log_query(flag | F_REVERSE | F_CONFIG, intr->name, &addr, NULL); @@
> -209,6 +209,7 @@ size_t answer_auth(struct dns_header *header,
> char *limit, size_t qlen, time_t n
> 
> /* add  external domain */ strcat(name, "."); +          /* FIXME:
> zone is NULL when local_query == 1 */ strcat(name, zone->domain); 
> log_query(flag | F_DHCP | F_REVERSE, name, &addr, 
> record_source(crecp->uid)); found = 1; @@ -217,7 +218,7 @@ size_t
> answer_auth(struct dns_header *header, char *limit, size_t qlen,
> time_t n T_PTR, C_IN, "d", name)) anscount++; } -          else if
> (crecp->flags & (F_DHCP | F_HOSTS) && in_zone(zone, name, NULL)) +
> else if (crecp->flags & (F_DHCP | F_HOSTS) && (local_query || 
> in_zone(zone, name, NULL))) { log_query(crecp->flags & ~F_FORWARD,
> name, &addr, record_source(crecp->uid)); found = 1;
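
Review bot: In the second hunk (@@ -209,6 +209,7 @@) the NULL dereference is only annotated, not fixed: `strcat(name, zone->domain);` still runs with zone == NULL when local_query is set, which is the same kind of fault as the `strlen(zone->domain)` crash at auth.c:60 in the backtrace. Guard that branch on zone being non-NULL (or skip appending the external domain for local queries) rather than leaving a FIXME. The first and third hunks depend on `local_query ||` short-circuiting to keep in_zone() from receiving a NULL zone; a NULL check at the top of in_zone() would protect every caller, and the commit message should state that local queries now bypass the zone-membership test for both the intr->name match and the F_DHCP | F_HOSTS records.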

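A configuration check for the redundant declaration described in the reply above, as an added example (not part of the original message or of dnsmasq): it flags any auth-zone line whose domain is the ip6.arpa zone already implied by an IPv6 subnet on another auth-zone line. The function names, the sample configuration and the 2001:db8:1:2::/64 prefix are constructed for illustration, and only nibble-aligned IPv6 prefixes are handled.

```python
import ipaddress

# Constructed sample config mirroring the layout quoted in the message.
SAMPLE_CONF = """\
auth-server=my.domain.tld,eth0
auth-zone=my.domain.tld,192.0.2.1/32,2001:db8:1:2::/64
auth-zone=2.0.0.0.1.0.0.0.8.b.d.0.1.0.0.2.ip6.arpa
"""

def reverse_zone(subnet):
    """Return the ip6.arpa zone for a nibble-aligned IPv6 subnet, else None."""
    try:
        net = ipaddress.ip_network(subnet, strict=False)
    except ValueError:
        return None  # not an address (e.g. an interface name): ignore
    if net.version != 6 or net.prefixlen % 4:
        return None  # assumption: only nibble-aligned IPv6 prefixes are checked
    nibbles = net.network_address.exploded.replace(":", "")[: net.prefixlen // 4]
    return ".".join(reversed(nibbles)) + ".ip6.arpa"

def redundant_auth_zones(conf_text):
    """Return (line_no, domain) for auth-zone lines that restate a reverse
    zone already implied by an IPv6 subnet on a different auth-zone line."""
    implied, declared = {}, []
    for no, line in enumerate(conf_text.splitlines(), 1):
        line = line.split("#", 1)[0].strip()  # drop comments
        if not line.startswith("auth-zone="):
            continue
        fields = [f.strip() for f in line[len("auth-zone="):].split(",")]
        domain, subnets = fields[0].lower().rstrip("."), fields[1:]
        declared.append((no, domain))
        for subnet in subnets:
            zone = reverse_zone(subnet)
            if zone:
                implied[zone] = no
    return [(no, d) for no, d in declared if d in implied and implied[d] != no]

if __name__ == "__main__":
    for no, domain in redundant_auth_zones(SAMPLE_CONF):
        print(f"line {no}: auth-zone={domain} is already implied; remove it")
```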