[Dnsmasq-discuss] Dnsmasq 2.75 on Ubuntu 16.04 crashes reproducibly

Simon Kelley simon at thekelleys.org.uk
Tue May 3 16:37:59 BST 2016


I'm pretty sure that this is fixed in the current code.

From the CHANGELOG:

            Fix crash when an A or AAAA record is defined locally,
            in a hosts file, and an upstream server sends a reply
            that the same name is empty. Thanks to Edwin Török for
            the patch.


Cheers,

Simon.


On 18/04/16 13:52, Alexander E. Patrakov wrote:
> Hi.
> 
> The company I work for has a server with Ubuntu 16.04 installed on it
> (yes, I know, not officially out yet, but the server is not in
> production either). Dnsmasq (version 2.75) is there because it is the
> simplest option to provide DHCP and DNS to LXC containers.
> 
> While playing with this setup, I found a reproducible crasher. I have
> set up a domain name, broken-record.chickenkiller.com, that can be used
> to expose this crash.
> 
> To reproduce the crasher, please create a VM with Ubuntu 16.04, on a
> network that has both IPv4 and IPv6, with static addresses.
> 
> In /etc/hostname, put this line:
> 
> broken-record
> 
> In /etc/hosts, put these lines:
> 
> 127.0.0.1 localhost.localdomain localhost
> ::1     ip6-localhost ip6-loopback
> fe00::0 ip6-localnet
> ff00::0 ip6-mcastprefix
> ff02::1 ip6-allnodes
> ff02::2 ip6-allrouters
> ff02::3 ip6-allhosts
> 
> <ipv4-address> broken-record.chickenkiller.com broken-record
> <ipv6-address> broken-record.chickenkiller.com broken-record
> 
> Ubuntu runs dnsmasq as follows:
> 
> /usr/sbin/dnsmasq -x /var/run/dnsmasq/dnsmasq.pid -u dnsmasq -r
> /var/run/dnsmasq/resolv.conf -7
> /etc/dnsmasq.d,.dpkg-dist,.dpkg-old,.dpkg-new --local-service
> --trust-anchor=.,19036,8,2,49AAC11D7B6F6446702E54A1607371607A1A41855200FD2CE1CDDE32F24E8FB5
> 
> 
> There is already a record in DNS that maps
> crashme.broken-record.chickenkiller.com. as a CNAME to
> broken-record.chickenkiller.com. Also, there is an A record for
> broken-record.chickenkiller.com, but there is no AAAA record.
> 
> Again, it is important to name the VM as
> "broken-record.chickenkiller.com", because the crash happens only if a
> CNAME points to a record that exists in /etc/hosts as an IPv6 address.
> 
> So - this query reliably crashes dnsmasq:
> 
> dig @127.0.0.1 crashme.broken-record.chickenkiller.com. AAAA
> 
> The crash is in cache_insert(), which is called from extract_addresses().
> 
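
An added example (not from the thread or from dnsmasq's code): it parses a hosts file and checks whether an observed upstream reply matches the condition the CHANGELOG entry and the report describe, so an administrator on an unpatched version can see which local names are involved. The function names, the sample addresses and the shape of the "observed reply" arguments are assumptions made for the illustration.

```python
import ipaddress

# Constructed sample modelled on the report; addresses are documentation ranges.
SAMPLE_HOSTS = """\
127.0.0.1 localhost.localdomain localhost
::1     ip6-localhost ip6-loopback
192.0.2.10 broken-record.chickenkiller.com broken-record
2001:db8::10 broken-record.chickenkiller.com broken-record
"""


def local_records(hosts_text):
    """Map each lower-cased host name to the record types ('A', 'AAAA') that
    the hosts file defines for it."""
    records = {}
    for line in hosts_text.splitlines():
        fields = line.split("#", 1)[0].split()   # drop comments, split columns
        if len(fields) < 2:
            continue
        try:
            addr = ipaddress.ip_address(fields[0].split("%", 1)[0])
        except ValueError:
            continue                              # first column is not an address
        rtype = "AAAA" if addr.version == 6 else "A"
        for name in fields[1:]:
            records.setdefault(name.rstrip(".").lower(), set()).add(rtype)
    return records


def matches_precondition(records, qtype, empty_name, upstream_empty):
    """True when the upstream reply says `empty_name` (the queried name or the
    target of a CNAME in the reply) has no data of `qtype`, while the hosts
    file defines a record of that same type for it."""
    name = empty_name.rstrip(".").lower()
    return bool(upstream_empty) and qtype in records.get(name, set())


if __name__ == "__main__":
    recs = local_records(SAMPLE_HOSTS)
    # The reported case: AAAA query, CNAME target has no AAAA upstream.
    print(matches_precondition(recs, "AAAA",
                               "broken-record.chickenkiller.com.", True))
```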



