[Dnsmasq-discuss] crash with DNSSEC on 2.80
Graham Menhennitt
graham+dnsmasq at menhennitt.com.au
Sun Jul 14 02:21:23 BST 2019
Hello dnsmasqers,

I'm running dnsmasq 2.80 on FreeBSD 12-stable. It works perfectly when I
have DNSSEC disabled. But when I enable it, I get crashes every hour or
so. I haven't worked out what's happening exactly, but it looks like
it's accessing past the end of a buffer. Running in lldb gives the
following info:

Process 19920 stopped
* thread #1, name = 'dnsmasq', stop reason = signal SIGSEGV: invalid
address (fault address: 0x8)
frame #0: 0x0000000000274802
dnsmasq`sort_rrset(header=0x0000000801a29000, plen=512,
rr_desc=0x000000000027f474, rrsetidx=27430912, rrset=0x00000008013f87d0,
buff1="mozilla.org", buff2="mozilla.org") at dnssec.c:304
301 end1 = p1 + rdlen1;
302
303 p2 += 8; /* skip class, type, ttl */
-> 304 GETSHORT(rdlen2, p2);
305 end2 = p2 + rdlen2;
306
307 dp1 = dp2 = rr_desc;
(lldb) bt
* thread #1, name = 'dnsmasq', stop reason = signal SIGSEGV: invalid
address (fault address: 0x8)
* frame #0: 0x0000000000274802
dnsmasq`sort_rrset(header=0x0000000801a29000, plen=512,
rr_desc=0x000000000027f474, rrsetidx=27430912, rrset=0x00000008013f87d0,
buff1="mozilla.org", buff2="mozilla.org") at dnssec.c:304
frame #1: 0x00000000002714c1 dnsmasq`validate_rrset(now=1562977226,
header=0x0000000801a29000, plen=512, class=1, type=5, sigidx=8,
rrsetidx=27430912, name="incoming.telemetry.mozilla.org",
keyname="mozilla.org", wildcard_out=0x00007fffffffe388,
key=0x0000000000000000, keylen=0, algo_in=0, keytag_in=0) at dnssec.c:506
frame #2: 0x0000000000273479
dnsmasq`dnssec_validate_reply(now=1562977226, header=0x0000000801a29000,
plen=512, name="incoming.telemetry.mozilla.org", keyname="mozilla.org",
class=0x0000000801a1f248, check_unsigned=1,
neganswer=0x0000000000000000, nons=0x0000000000000000) at dnssec.c:1920
frame #3: 0x000000000023306f dnsmasq`reply_query(fd=15, family=2,
now=1562977226) at forward.c:1029
frame #4: 0x000000000024211c
dnsmasq`check_dns_listeners(now=1562977226) at dnsmasq.c:1644
frame #5: 0x0000000000240bab dnsmasq`main(argc=6,
argv=0x00007fffffffe9f8) at dnsmasq.c:1104
frame #6: 0x000000000021311b dnsmasq`_start(ap=<unavailable>,
cleanup=<unavailable>) at crt1.c:76

My dnsmasq.conf is below.

Does anybody have any clues, please?

Thanks,
Graham

conf-file=/etc/dnsmasq-conf.conf
resolv-file=/etc/dnsmasq-resolv.conf
server=8.8.8.8
server=8.8.4.4
# use DNSSEC
dnssec
trust-anchor=.,19036,8,2,49AAC11D7B6F6446702E54A1607371607A1A41855200FD2CE1CDDE32F24E8FB5
trust-anchor=.,20326,8,2,E06D44B80B8F1D39A95C0B0D7C65D08458E880409BBC683457104237C7F8EC8D
dnssec-check-unsigned
# filter what we send upstream
domain-needed
bogus-priv
localise-queries
# allow /etc/hosts and dhcp lookups via *.lan
domain=menhennitt.com.au
expand-hosts
no-negcache
# enable dhcp (start,end,netmask,leasetime)
dhcp-authoritative
dhcp-range=re0,203.3.73.51,203.3.73.90,255.255.255.0,12h
# default route(s)
dhcp-option=3,203.3.73.1
# use /etc/ethers for static hosts; same format as --dhcp-host
# <hwaddr> <ipaddr>
read-ethers
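
Added example, not part of the original post and not dnsmasq's own code: the fault address 0x8 at dnssec.c:304, one line after "p2 += 8", is the address a NULL p2 would produce, so this sketch walks one resource record and tests both the name-skipping result and the remaining length before reading rdlen. The names skip_owner, rr_rdata_offset and sample_rr are hypothetical, and the sample bytes are constructed.

```c
#include <stddef.h>
#include <stdint.h>

/* Hypothetical helper: step over an owner name. Returns the byte after the
   name, or NULL when the name runs off the end of the packet. */
static const uint8_t *skip_owner(const uint8_t *p, const uint8_t *end)
{
    while (p < end) {
        uint8_t len = *p;
        if ((len & 0xC0) == 0xC0)              /* 2-byte compression pointer ends the name */
            return (end - p >= 2) ? p + 2 : NULL;
        if (len & 0xC0)                        /* reserved label type */
            return NULL;
        if (len == 0)                          /* root label ends the name */
            return p + 1;
        if (end - p < len + 1)                 /* label would overrun the packet */
            return NULL;
        p += len + 1;
    }
    return NULL;
}

/* Offset of the RDATA of the RR starting at rr_off, or -1 if the RR does
   not fit inside the plen bytes received. *rdlen is set on success. */
long rr_rdata_offset(const uint8_t *pkt, size_t plen, size_t rr_off, uint16_t *rdlen)
{
    const uint8_t *end, *p;
    if (!pkt || !rdlen || rr_off >= plen)
        return -1;
    end = pkt + plen;
    p = skip_owner(pkt + rr_off, end);
    /* NULL test comes before any p += 8; then type(2) class(2) ttl(4) rdlen(2) */
    if (!p || end - p < 10)
        return -1;
    p += 8;                                    /* skip type, class, ttl */
    *rdlen = (uint16_t)((p[0] << 8) | p[1]);   /* network byte order */
    p += 2;
    if (end - p < *rdlen)                      /* RDATA must lie inside the packet */
        return -1;
    return (long)(p - pkt);
}

/* Constructed sample RR: owner "a.", type 5, class 1, ttl 60, rdlen 2. */
static const uint8_t sample_rr[] = { 1,'a',0, 0,5, 0,1, 0,0,0,60, 0,2, 0xC0,0x00 };

int main(void)
{
    uint16_t n;
    return rr_rdata_offset(sample_rr, sizeof sample_rr, 0, &n) == 13 ? 0 : 1;
}
```
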