[Dnsmasq-discuss] Segfault with DNSSEC

simon at simongoodall.co.uk simon at simongoodall.co.uk
Thu Mar 27 21:32:56 UTC 2014


On Fri, Mar 21, 2014 at 11:16:42AM +0000, Simon Kelley wrote:
> On 20/03/14 22:25, simon at simongoodall.co.uk wrote:
> > Hi,
> > 
> > I'm getting a segfault running dnsmasq with dnssec enabled.
> > 
> > Logs show the following;
> > 
> > dnsmasq[10172]: query[AAAA] www.ncbi.nlm.nih.gov from 192.168.1.4
> > dnsmasq[10172]: forwarded www.ncbi.nlm.nih.gov to 8.8.8.8
> > dnsmasq[10172]: forwarded www.ncbi.nlm.nih.gov to 8.8.8.4
> > dnsmasq[10172]: forwarded www.ncbi.nlm.nih.gov to 2001:4860:4860::8888
> > dnsmasq[10172]: forwarded www.ncbi.nlm.nih.gov to 2001:4860:4860::8844
> > dnsmasq[10172]: dnssec-query[DNSKEY] ncbi.nlm.nih.gov to 8.8.8.8
> > dnsmasq[10172]: query[A] www.ncbi.nlm.nih.gov from 192.168.1.4
> > dnsmasq[10172]: forwarded www.ncbi.nlm.nih.gov to 8.8.8.8
> > dnsmasq[10172]: query[AAAA] www.ncbi.nlm.nih.gov from 192.168.1.4
> > dnsmasq[10172]: dnssec retry to 0.0.0.0
> > 
> > and running in gdb yields;
> > 
> > #0  0x00024e44 in forward_query (udpfd=8, udpaddr=0xbefff7c0, dst_addr=0xbefff7ac, 
> >     dst_iface=2, header=0x71de8, plen=45, now=1395350397, forward=0x84430, ad_reqd=0, 
> >     do_bit=0) at forward.c:294
> > #1  0x0002790c in receive_query (listen=0x74768, now=1395350397) at forward.c:1280
> > #2  0x000313a0 in check_dns_listeners (set=0xbefff8b8, now=1395350397) at dnsmasq.c:1436
> > #3  0x0002fc1c in main (argc=4, argv=0xbefffcf4) at dnsmasq.c:951
> > (gdb) 
> > 
> > (gdb) print forward
> > $1 = (struct frec *) 0x84430
> > (gdb) print forward->rfd6
> > $2 = (struct randfd *) 0x0
> > (gdb) 
> > 
> > I am running version from git -  v2.69test11.9.g0c8584e  on an arch linux arm box. I am regularly seeing a segfault when browsing this site, although not for every query.
> > 
> 
> Many thanks. I've found, I think, the problem and pushed a fix for it to
> git.
> 
> http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=2b29191e7c6dcfd262997bdaf7bc8c6d539efa87
> 
> Please could you see if that improves things?
> 
> 
> Cheers,
> 
> Simon.

Got another segfault today. I didn't get a stacktrace this time, but the retry to now prints an ipv6 address rather than 0.0.0.0. 
Looking at your change, it doesn't look to me like it stops the null dereference of rfd6 in fd = forward->rfd6->fd.

Simon
> 
> 
> _______________________________________________
> Dnsmasq-discuss mailing list
> Dnsmasq-discuss at lists.thekelleys.org.uk
> http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss



More information about the Dnsmasq-discuss mailing list