[Dnsmasq-discuss] crash with DNSSEC on 2.80

Graham Menhennitt graham+dnsmasq at menhennitt.com.au
Sun Jul 14 02:21:23 BST 2019


Hello dnsmasqers,

I'm running dnsmasq 2.80 on FreeBSD 12-stable. It works perfectly when I 
have DNSSEC disabled. But when I enable it, I get crashes every hour or 
so. I haven't worked out what's happening exactly, but it looks like 
it's accessing past the end of a buffer. Running in lldb gives the 
following info:

Process 19920 stopped
* thread #1, name = 'dnsmasq', stop reason = signal SIGSEGV: invalid 
address (fault address: 0x8)
     frame #0: 0x0000000000274802 
dnsmasq`sort_rrset(header=0x0000000801a29000, plen=512, 
rr_desc=0x000000000027f474, rrsetidx=27430912, rrset=0x00000008013f87d0, 
buff1="mozilla.org", buff2="mozilla.org") at dnssec.c:304
    301            end1 = p1 + rdlen1;
    302
    303            p2 += 8; /* skip class, type, ttl */
-> 304            GETSHORT(rdlen2, p2);
    305            end2 = p2 + rdlen2;
    306
    307            dp1 = dp2 = rr_desc;
(lldb) bt
* thread #1, name = 'dnsmasq', stop reason = signal SIGSEGV: invalid 
address (fault address: 0x8)
   * frame #0: 0x0000000000274802 
dnsmasq`sort_rrset(header=0x0000000801a29000, plen=512, 
rr_desc=0x000000000027f474, rrsetidx=27430912, rrset=0x00000008013f87d0, 
buff1="mozilla.org", buff2="mozilla.org") at dnssec.c:304
     frame #1: 0x00000000002714c1 dnsmasq`validate_rrset(now=1562977226, 
header=0x0000000801a29000, plen=512, class=1, type=5, sigidx=8, 
rrsetidx=27430912, name="incoming.telemetry.mozilla.org", 
keyname="mozilla.org", wildcard_out=0x00007fffffffe388, 
key=0x0000000000000000, keylen=0, algo_in=0, keytag_in=0) at dnssec.c:506
     frame #2: 0x0000000000273479 
dnsmasq`dnssec_validate_reply(now=1562977226, header=0x0000000801a29000, 
plen=512, name="incoming.telemetry.mozilla.org", keyname="mozilla.org", 
class=0x0000000801a1f248, check_unsigned=1, 
neganswer=0x0000000000000000, nons=0x0000000000000000) at dnssec.c:1920
     frame #3: 0x000000000023306f dnsmasq`reply_query(fd=15, family=2, 
now=1562977226) at forward.c:1029
     frame #4: 0x000000000024211c 
dnsmasq`check_dns_listeners(now=1562977226) at dnsmasq.c:1644
     frame #5: 0x0000000000240bab dnsmasq`main(argc=6, 
argv=0x00007fffffffe9f8) at dnsmasq.c:1104
     frame #6: 0x000000000021311b dnsmasq`_start(ap=<unavailable>, 
cleanup=<unavailable>) at crt1.c:76

My dnsmasq.conf is below.

Does anybody have any clues, please?

Thanks,
     Graham

conf-file=/etc/dnsmasq-conf.conf
resolv-file=/etc/dnsmasq-resolv.conf

server=8.8.8.8
server=8.8.4.4

# use DNSSEC
dnssec
trust-anchor=.,19036,8,2,49AAC11D7B6F6446702E54A1607371607A1A41855200FD2CE1CDDE32F24E8FB5
trust-anchor=.,20326,8,2,E06D44B80B8F1D39A95C0B0D7C65D08458E880409BBC683457104237C7F8EC8D
dnssec-check-unsigned

# filter what we send upstream
domain-needed
bogus-priv
localise-queries

# allow /etc/hosts and dhcp lookups via *.lan
domain=menhennitt.com.au
expand-hosts
no-negcache

# enable dhcp (start,end,netmask,leasetime)
dhcp-authoritative
dhcp-range=re0,203.3.73.51,203.3.73.90,255.255.255.0,12h
# default route(s)
dhcp-option=3,203.3.73.1

# use /etc/ethers for static hosts; same format as --dhcp-host
# <hwaddr> <ipaddr>
read-ethers
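
The trace in the message above stops at `GETSHORT(rdlen2, p2)` with fault address 0x8, directly after `p2 += 8`, which is consistent with `p2` having been NULL before the increment. As an added illustration (not dnsmasq source, not from the poster, and not the project's fix), here is a bounds-checked form of that "skip 8 bytes, read rdlength" pattern; `rr_rdata_len`, `get_u16` and the `sample_msg` bytes are constructed for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Added example, not dnsmasq source. All names here are hypothetical. */

/* Constructed sample: 12-byte DNS header, owner name "a.", then one A record. */
const unsigned char sample_msg[] = {
  0,0,0,0,0,0,0,0,0,0,0,0,          /* header (contents unused here) */
  1,'a',0,                          /* owner name, ends at offset 15 */
  0,1, 0,1, 0,0,0,60, 0,4,          /* type, class, ttl, rdlength=4 */
  192,0,2,1                         /* rdata */
};

/* Big-endian 16-bit read, the value GETSHORT would fetch. */
static unsigned int get_u16(const unsigned char *p)
{
  return ((unsigned int)p[0] << 8) | p[1];
}

/* p points just past an RR's owner name, or is NULL if locating it failed.
   Returns the rdata length and stores its start in *rdata (if non-NULL),
   or returns -1 when p is NULL, outside the message, or the RR is truncated. */
long rr_rdata_len(const unsigned char *pkt, size_t plen,
                  const unsigned char *p, const unsigned char **rdata)
{
  size_t off, rdlen;

  if (!pkt || !p || (uintptr_t)p < (uintptr_t)pkt)
    return -1;
  off = (size_t)((uintptr_t)p - (uintptr_t)pkt);
  if (off > plen || plen - off < 10)   /* type+class+ttl (8) + rdlength (2) */
    return -1;
  rdlen = get_u16(p + 8);
  if (plen - off - 10 < rdlen)         /* rdata must end inside the message */
    return -1;
  if (rdata)
    *rdata = p + 10;
  return (long)rdlen;
}

int main(void)
{
  printf("ok=%ld null=%ld short=%ld\n",
         rr_rdata_len(sample_msg, sizeof sample_msg, sample_msg + 15, NULL),
         rr_rdata_len(sample_msg, sizeof sample_msg, NULL, NULL),
         rr_rdata_len(sample_msg, 27, sample_msg + 15, NULL));
  return 0;
}
```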






